Aiimi Ltd

Aiimi Insight Engine – Data Privacy & Compliance

Insight Engine is our unique discovery platform. It works alongside you, using artificial intelligence to identify personal data across all of your data sources. Providing SAR collection, redaction and disclosure capability along with auditing and actions for non-compliant personal or PCI data storage. Simple and slick user interface.

Features

• GDPR and PCI Risk Dashboarding and Mitigation
• Multi-Source document and data cataloguing and discovery
• Collection of information for response to SARs
• Highlighting of people, organisations, places and personal data
• Mark for redaction (Redlining)
• Burn in redactions to PDF
• Export data records to PDF
• SAR deadline extension
• Disclosure Portal for subject use
• Full analytics and audit

Benefits

• Find content across multiple sources quickly and easily
• Find data alongside documents in one search
• Protect third person information reliably
• Rapid machine assisted redaction
• Multi-factor subject authentication
• Easy to use by untrained subjects and by internal staff
• Allows centralisation of the discovery and disclosure process
• Supports right to be forgotten processes

£33,000 to £33,000 a unit a year

• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  ODT

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at meustace@aiimi.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

368719063591653

Contact

Matt Eustace
+447919330081
meustace@aiimi.com

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Hybrid cloud
• Service constraints: No significant constraints.
• System requirements: Requires either Windows or Linux operating systems

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: P1 - 30 Minutes; P2 - 2 Hours; P3 - 4 Hours; P4 - 8 Hours; Within UK business hours.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Onsite support
• Support levels: Support is provided by our UK based service desk and by dedicated DevOps engineers. We provide support at 10% of the license cost (note that example license pricing provided here includes this 10%). DevOps engineers are aligned to specific customers and provide personalised support.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: There are two sets of users that are involved in the Insight Engine onboarding process; Insight Engine administrators (i.e. those responsible for administering the Insight Engine service for their respective organisation), and end users (i.e. those who will use the service to perform their role).; ; For Insight Engine administrators, user friendly, high quality documentation and guidance materials are provided and cover the following areas: installation, configuration, testing, and security. FAQ’s and help pages are also available.; ; Knowledge articles and demonstration materials exist for core Insight Engine Applications designed to educate and raise awareness to end users with an engaging overview of what the platform functions are, for what purpose, and how these can be used. Moreover, user experience is a core focus for all Insight Engine product development efforts, ensuring the service is as intuitive and easy to use as possible.; ; End users and administrators also have access to an online Insight Engine community whereby knowledge articles are shared. This also exists as a forum for sharing questions and getting in touch with dedicated Aiimi Insight Engine experts who are on hand to offer best practice guidance and advice.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: The service does not hold the original data, it's simply an index of the text from the source, therefore there is no need to extract the index.; ; The index may be enriched with metadata by Insight Engine, or by users of the software. This information can be provided at the end of the service term in CSV format as part of the service close down. There is no charge for provision of this information.
• End-of-contract process: Included in the price of the contract:; ; At the end of the contract, Insight Engine components and Elastic will be uninstalled and all access to applications revoked.; ; Elastic components will be removed from the instance:; - The Elastic instance will be closed down and the data held will be deleted.; - Customer can retain all main indices within Elastic in CSV format. These exports contain the indices, the data outputs from the crawling and enrichment, text content and specify any classification applied to documents. Data can be exported using a CSV export utility that will output the attributes of documents enabling the administrator to select what attributes to be exported :; - Elastic nodes will be closed down and removed from any servers it is installed.; - Elastic service will be closed down; - Kibana service will be closed down; ; The InsightMaker components that will be removed include:; ; InsightMaker Logs:; - Log production will cease; - Historic InsightMaker logs will be deleted; ; Insight Engine services that will be uninstalled:; - Insight Engine Source Agent; - Insight Engine Enrichment; - Insight Engine Security; - Insight Engine Content Agent; ; Applications that will be made inaccessible:; - Insight Engine; - Kibana

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The web interface is fully responsive to the client form factor.
• Service interface: No
• User support accessibility: WCAG 2.1 A
• API: Yes
• What users can and can't do using the API: The service provides two APIs, the Search API which can be used to build applications (e.g. Low Code) applications that interface with the service, and the Data Science API (a licensed module) that allows full access to the service for analytics and reporting purposes.
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: The branding, colour scheme, data sources and data enrichment processes can all be customised. This customisation is carried out by Aiimi's DevOps engineers.

Scaling

• Independence of resources: The application is scaled according to data volume and user load. Discovery loading is multi-threaded and can be scaled up and down to avoid impact on other services and users. Customers are segregated at Hypervisor level and allocated dedicated resources appropriate to their expected usage.

Analytics

• Service usage metrics: Yes
• Metrics types: The application provides an interface for service analytics which provides the following metrics:; - Page popularity; - Volume of users by month and by function; - Volume of searches; - Search performance; - User feedback; - Usage by department; - Search term usage
• Reporting types: Real-time dashboards

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: Data can be exported in JSON format on request to our DevOps engineers by raising a ticket through the support desk.; ; Data can be exported by end users by adding records to a collection and then using the Export functionality within the UI to create a CSV extract,
• Data export formats:
  • CSV
  • Other
• Other data export formats: JSON
• Data import formats:
  • CSV
  • Other
• Other data import formats: JSON

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: If hosted in Azure, Google or Amazon datacentres, we provide a 99.99% uptime SLA for the application (agreed maintenance windows excepted). The solutions ability to crawl new source data or to be accessible from the customer network is covered to the perimeter of the Aiimi provided facility, e.g. we do not provide an SLA for customer network connections. Customers receive support service credits when SLAs are not met.
• Approach to resilience: Insight Engine can be provisioned in Azure, AWS and GCP environments as well as on-premises, each with similar approaches to resilience. An Aiimi implementation will include our best practice resilience measures, including taking advantage of geographical and in-datacentre resilience features provided by the datacentre. Examples include ensuring that multiple machines are used to support the service, each patched and maintained at different times and with independent power, cooling and network connections. The service itself makes use of stateless connections, load balanced web application servers and sharded indexes. Background activities such as source system crawls and metadata enrichment processes can run on any available server, providing resilience for back-end services. The resilience approach appropriate to your chosen infrastructure provided will be discussed prior to implementation.
• Outage reporting: We routinely monitor the health of our elasticsearch cluster through Kibana Monitoring to ensure that the cluster is in a healthy state and performing as expected. Aiimi will also monitor dashboarding offered by cloud providers e.g. Google Stackdriver Monitoring or Azure Monitor. These dashboards allow us to track the performance of our hardware and software in real time. E-mail alerts are also setup to notify Administrators, should any metrics exceed pre defined thresholds.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: Aiimi Insight Engine uses domain independent authorisation for management and support interface access. These logons only allow access to the management interfaces and full audit is recorded for all management actions.; ; A starters movers, leavers process is used to control and audit who is authorised to access systems and this is provided on a 'need to know' basis rather than access being granted to all support and service staff to all systems.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: Our security practices are accredited to Cyber Essentials Plus and aligned to the ISO27001 annex A controls. Aiimi is currently undergoing ISO27001 certification.
• Information security policies and processes: Aiimi has an Information Governance Committee which is responsible for generating and reviewing data security and policies. The policies are then reviewed by the board and distributed to staff by the HR team. Information governance and data protection clauses are also included in staff contracts and updated with employee data privacy notices on a regular basis in-line with changes in the security policy.; ; Our policies are in-line with ISO27001 and communicated to staff in a number of ways:; - Monthly all staff briefings for the latest information security concerns; - Regular automated information security tests; - Electronic information security training with assessments. This is focussed on the staff role; - Ad-hoc staff updates related to current concerns; ; Aiimi has an annually reviewed risk management framework that is agreed with the board, which guides the activities of the information governance committee who implement policy changes to cater for current risks. The IGC meet as a committee once a quarter, or on demand if required.; ; Incident management is handled by our service desk and a formal procedure governs how incidents are handled.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Instances of Insight Engine hosted by Aiimi will be commissioned on Azure infrastructure in a customer resource group and the change management approach for that instance will be agreed with the customer. Based upon a template that defines the annual maintenance windows, KPIs, SLAs, RPO and RTO for the instance, change management activities will be governed by those requirements. Application releases and code components are managed in GitHub and all releases are penetration tested in-house on QA environments and again when released to a customer environment.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Aiimi deploys two key mechanism for assessing threats to the application. First is a peer code review by developers trained in secure software development. Training is provided by KnowBe4. The second is through the use of AppCheck to perform vulnerability scans on internal deployments of InsightMaker. These are performed monthly and the output reports are fed into the development backlog.; Patches to security issues are immediately prioritised for development and can be released outside the standard release cycle. High risk security patches are applied by our DevOps team within two days of being issued, or according to customer schedule.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Protective monitoring is only commissioned by Aiimi where we host the application on our customer's behalf in Microsoft Azure datacentres. We use Microsoft Antimalware for Azure Cloud Services and Virtual Machines to identify compromises. Aiimi responds within 30 minutes to an alert, whether that is a potential compromise or an incident.
• Incident management type: Supplier-defined controls
• Incident management approach: The Aiimi Service Desk processes are determined by the Incident Management tool in use and based on the ITIL V3 framework. Incidents are logged, classified, categorized, prioritized, assigned for investigation and investigated until resolved. Customers log incidents via a dedicated email address, a dedicated landline phone number or an on-line portal.; Routine events are handled through scheduled maintenance windows. Recurring issues are logged as Problem tickets for root cause analysis.; Periodic reports are generated using the Incident Management tool and used by customers and internal teams for trend analysis, performance review and continual service improvement.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  Aiimi reached net zero in 2019, being certified in that year as a Carbon Neutral Plus company, and we are currently working to offset all of our emissions since the company founded in 2013. Aiimi Goes Green is our green initiatives body and working with our supply chain, we are aiming to encourage and enable our supply chain to also go net zero to their founding. We have commitments from all of our major services partners to work with us on this. We are also B-Corp Pending, aiming to complete B-Corp in 2022.
• Tackling economic inequality:

  Tackling economic inequality

  Aiimi has a range of initiatives to tackle inequality of various forms. Our Aiimi Giving programme aims to help those most in need by raising money to fund charity work, particularly in poorer areas and communities. This includes funding UK Youth who nurture young people providing training and opportunity to some of the most disadvantaged young people in the UK. We also work closely with St Mungo's charity helping people back into work after hardship. We run back to work sessions directly with the charity and teach skills such as coding and use of Office applications. Our apprenticeship programme is aimed at encouraging those who have not been through the traditional routes into IT, including those who are retraining after losing their jobs during the pandemic.
• Equal opportunity:

  Equal opportunity

  We are a proud signatory of the Tech Talent Charter and submit our diversity data annually to this non-profit organisation, which works to address inequality in the UK’s tech sector. In addition to this, we partner with the Global Equality Collective to survey our diversity and employee engagement and we will publish gender and race statistics as part of our commitment to transparency and continual improvement. Our goal is to ensure our company diversity reflects the clients we serve. Our diversity and equal opportunity initiatives include:; - Training to remove bias from decisions, including in interview process; - Training on Diversity, Equity and Inclusion as part of the onboarding process. What does this mean to us as individuals, but also what does it mean to Aiimi as an organisation ; - Collecting our diversity data and using it to set tangible goals ; - Holding diversity events to increase understanding and improve inclusivity within Aiimi, the tech industry, and the local community, with topics such as unconscious bias and allyship ; - Gathering feedback from Aiimi’s team to assess our employment policies and practices ; - Hosting our own ‘Code First: Girls’ courses to encourage women and non-binary people into tech ; - A signatory of the Business in the Community equality charter, Race at Work, which sets out five calls to action to ensure ethnic minority employees are represented at all levels in the organisation; - A signatory of the Tech Talent Charter, which aims to address inequality in the UK tech sector whilst driving inclusion and diversity in a practical and measurable way ; - Build a platform for both Aiimi team members and external speakers to share their experiences of DE&I in the workplace, for example, holding Disability and Autism awareness sessions with local charities to build our knowledge in these areas
• Wellbeing:

  Wellbeing

  Looking after our staff is our number one priority. Our Wellbeing initiative has evolved and grown with Aiimi, and now encompasses a huge range of resources to support our employee’s physical and mental health. From 24/7 access to free counselling, to monthly workshops on topics like imposter syndrome and coping with anxiety, to yoga and meditation, discounted gym membership, and personal training sessions. We also have 14 Mental Health First Aiders at Aiimi, all fully trained to support staff in times of need and help us look out for each other. We’ve made it easy to locate help using our “Meet the Team” intranet pages. Email cares@aiimi.com for more information.

Pricing

• Price: £33,000 to £33,000 a unit a year
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: For complex requirements we will run a 6 step proof of technology, usually over a 3 week period. This includes design sprint, user journey mapping, configuration and proof of technology.

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  ODT

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at meustace@aiimi.com. Tell them what format you need. It will help if you say what assistive technology you use.