STORYZY

Disinformation Analysis Tool

Storyzy built a SaaS platform that helps its users detect disinformation and perform OSINT investigations.

Features

• Social network analysis
• Deepfake detection
• Topic and source monitoring

Benefits

• Data visualization
• Characterize sources

£1,000 to £5,000 a user a month

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at asli.altinbay@storyzy.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

378352026749213

Contact

Asli Altinbay
+33 6 75 82 54 53
asli.altinbay@storyzy.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: Currently no constraints
• System requirements: No system requirement

User support

• Email or online ticketing support: Yes, at extra cost
• Support response times: Questions are not replied on weekends. During the week, questions are replied the same day.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Onsite support
• Support levels: - Support during French business hours.; - Premium support available upon request & commercial proposal; - Technical account manager available.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Training sessions are provided for free. Either onsite or online via Zoom or Teams. In addition to the training sessions, user guide is provided as well so that users of our platform can rapidly understand all the features Storyzy’s platform offers.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Storyzy concludes a licensing agreement with users and this agreement covers the duration of the contract only.
• End-of-contract process: When the contract ends:; 1) SaaS service is stopped,; 2) confidential information should be destroyed or returned to us

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: Storyzy’s SaaS platform helps identify and analyze the global spread of online disinformation, based on metadata and content analysis. Storyzy classifies and assesses news sources using both cutting-edge Artificial Intelligence and human expertise. Storyzy’s dynamic database has more than two million indexed sources in 42 languages, users can carry out searches in English, French, Arabic or Russian for example. This gives the platform a global reach and makes it easier to identify international and multi-lingual disinformation networks.
• Accessibility standards: None or don’t know
• Description of accessibility: With our platform, users can do data analysis quickly. It is possible to download data directly from our interface.
• Accessibility testing: /
• API: Yes
• What users can and can't do using the API: Any set up or modification of the service via the API is done through Storyzy. The user must contact our services in order to make any changes. The limitations of the service via the API are defined by different types of contracts between the user and Storyzy.
• API documentation: Yes
• API documentation formats:
  • ODF
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Users can customize the database of news sources by adding new sources or modifying the existing categories and tags.

Scaling

• Independence of resources: The customisation of our user interface depends on the contract between the user and Storyzy.

Analytics

• Service usage metrics: No

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Staff screening not performed
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: Less than once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: No
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Users can export their data using a download button available on the interface for all queries. The data will be extracted in an Excel format.
• Data export formats: ODF
• Data import formats:
  • CSV
  • ODF

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: During the Term, Storyzy will provide the Service with reasonable skill and care and provide the Service in accordance with any descriptions of the Service referred to on an Order. Other than as set out in the Agreement, all other warranties, conditions and representations, whether express or implied are excluded. Storyzy is only responsible for its own Service.
• Approach to resilience: It's available on request.
• Outage reporting: Our service does not report outages directly. Affected users can report malfunctions to us via email.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • Public key authentication (including by TLS client certificate)
  • Username or password
• Access restrictions in management interfaces and support channels: - sensitive data is encrypted; - a right management procedure is in place
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • Public key authentication (including by TLS client certificate)
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: Approach; • Most of our security efforts are currently focused on the management of the hosting of our servers and databases:; o Security related measures: HTTPs, VPNs, strict data access policies, customer data encryption,…; o Our last penetration testing was performed on June 2021 by the French MoD and we successfully passed it.; o Backups and data redundancy: our databases are replicated in real-time in a master-slave configuration. This replication is performed in two different locations.; • In terms of methodology, we are currently following the EBIOS Risk Manager published by the French ANSSI governmental agency.
• Information security policies and processes: - penetration testing; - Backups and data redundancy; - EBIOS Risk Manager published by the French ANSSI governmental agency.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: - the components of our services are tracked through their lifetime by versioning; - A non regression tool checks that changes does not have a potential security impact
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: - Our sources and assession of potential threat is confidential information.; - Patches are mainly deployed on a 48h timeframe, could be quicker.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: - Our source and assession of potential compromise is confidential information.; - the responding answer and delay depends on compromise.
• Incident management type: Supplier-defined controls
• Incident management approach: We have an internal incident tracking tool for users to manage incident.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Equal opportunity

  Equal opportunity

  We respect the principles of fair treatment and respect to everyone.

Pricing

• Price: £1,000 to £5,000 a user a month
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Free trial includes access to standard features.
• Link to free trial: On demand.

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at asli.altinbay@storyzy.com. Tell them what format you need. It will help if you say what assistive technology you use.