UK Allied Associates

Hypnos

Hypnos is a software product to perform mediation---the encapsulation of lawfully intercepted(LI) network traffic and its delivery to a Law Enforcement Agency(LEA) compliant with ETSI and other delivery standards. The software activates warranted intercepts at the authorised time, delivers intercepted traffic to LEAs, and deactivates when authorised time elapses.

Features

• Investigatory Powers Act 2016 / DRIPA 2014 Compliance
• Easy to use browser-based dashboard
• Cloud and on-premise installations available
• Support for ETSI and CALEA delivery standards
• Support for Cisco SII, PacketCable2.0, Juniper, and other interface types
• Modular design allows for easy addition of interface types
• Automatic or user-requested software updates
• System secured with PKI and org/user auth

Benefits

• Flexibile installation options
• Reduced or removed hardware costs
• Users can easily provision new targets as required
• Prevent unauthorised access to provisioning interface and data
• Low cost to add new interface types or LEA features
• Compliance with UK Lawful Interception standards

£1,000 an instance a year

• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at contact@uka2.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

390348072900016

Contact

Dan Metcalfe
02037144230
contact@uka2.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
• Service constraints: If user chooses on-prem installation of software, we will only support recommended hardware configurations listed in our user guide.
• System requirements:
  • Essential: Docker 20.10 or AWS Fargate
  • Deployed on: Linux or Windows (virtual or physical), or cloud
  • 1 Gbps network connection
  • 500 GB of available storage
  • MongoDB 4.4 (containerised)

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Within 4 business hours, Mon-Fri 09:00-17:00; Weekend support available for additional fee
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: We offer:; - Basic support included with yearly maintenance. Includes access to the Hypnos support portal to submit trouble tickets, review knowledge base, and check status of issues. Also included is business hours phone support.; - Premium support offers Basic support plus allows for Hypnos engineers to prioritise specific customer issues. Price: £100/hour, available up to 16 hours/month.; - Custom support packages to support specific customer requirements (such as after-hours support, major customisations, etc) can be offered for an additional fee.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Users perform self-install using our operator's manual provided at time of purchase. We are able to offer live online product training on request.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: All data is stored in MongoDB, and customers are free to export data themselves on contract end.
• End-of-contract process: The service will stop working at the end of the contract. Users will be warned at least 30 days before contract end to see if they want to extend the service. If user purchases a contract extension, we update our system to reflect the extended contract end date. If not, the users will be locked out of service at the contract end time.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: Yes
• Compatible operating systems:
  • Linux or Unix
  • Windows
  • Other
• Designed for use on mobile devices: No
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: Provisioning through a RESTFul API; SNMP; SSH/DTCP; ETSI 103.221-1; other.; LEA delivery using corresponding ETSI/CALEA standards.
• API documentation: Yes
• API documentation formats:
  • HTML
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Product can be customised to support additional IAP or network elements. Support for additional delivery standards and data processing requirements (e.g. filtering). These customisations must be made by Hypnos engineers at customer's request, and come at an additional fee.; UI can be customised through white-label branding and language selection.

Scaling

• Independence of resources: Users install our software in their own environments, and are not impacted by demand by other users

Analytics

• Service usage metrics: Yes
• Metrics types: IAP, processing and delivery throughput metrics can be viewed on real-time dashboard.; Network protocol analysis for traffic type, volumes and usage.
• Reporting types:
  • Real-time dashboards
  • Reports on request

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Allied Associates International (US parent company)

Staff security

• Staff security clearance: Staff screening not performed
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: Never
• Protecting data at rest: Physical access control, complying with another standard
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Through interfaces provided by MongoDB, or by setting up their instance of MongoDB that they control (making data storage outside the scope of our system).
• Data export formats: Other
• Other data export formats:
  • JSON
  • XML
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • JSON
  • XML

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: No SLAs for availability
• Approach to resilience: Container-based architecture allows for system replication
• Outage reporting: Not applicable to our service

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: PKI - client certificates.; Username and password.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: No audit information available
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: Cyber Essentials.; Internally developed ISMS.
• Information security policies and processes: Cyber Essentials.; Internally developed ISMS.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Use of change processes leveraging Docker, Git, and continuous integration for service component tracking. ; ; Performance of an in-house service penetration test conducted on each software update or configuration change.
• Vulnerability management type: Undisclosed
• Vulnerability management approach: In each 2-4 week development sprint, a task is added to check for security-related updates and/or known issues with all third party components used in Hypnos. If an issue is found, then it is assessed for severity. Critical issues are prioritised for immediate update, and an immediate release is made. Moderate to low priority updates are planned for the next regular release, to happen at the end of the current sprint.
• Protective monitoring type: Undisclosed
• Protective monitoring approach: The Hypnos Docker service is hosted on the company's network, and uses protective monitoring measures in accordance with ISO-27001, and are working toward certification.
• Incident management type: Undisclosed
• Incident management approach: Hypnos employs company incident response processes in accordance with ISO-27001 standards, and are working toward certification.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  UKA2 Engineers are responsible for all aspects of the sustainable production of high-quality software products for Buyers - they don't "just" write code. UKA2's roadmap for continued sustainable growth of the services we provide to public sector organisations aligns with “Responsible Consumption And Production” from UN's Sustainable Development Goal 12 in 2030 Agenda. Its 10 Year Framework, encouraging companies to adopt sustainable practices, bridges the efforts at UKA2 and our US parent company. When designing new Services for Buyers, we apply preventative measures against waste and carbon production. Our engineering teams seek to continually improve any sustainability goals of established services we are contracted to support. UKA2 on-premises servers, accessed through low-energy Thin Clients, provide both business and technical users secure, flexible tools and services. Servers automatically power off after hours, so usage and cost of energy is minimal, 100% supplied from renewable sources. Certified “CarbonNeutral” Cloud Services and Hosting (e.g. UKCloud) are recommended to Buyers at project Design stage, based on our service deployment experiences. Any services we create are assessed for energy efficiency and potential (then actual) change to carbon footprint from End Users. UKA2 provides the Buyer with an itemised carbon footprint measurement of any products or services during the tender stage, then suggests any candidate areas for improvement as part of a sustainability roadmap. Sustainable practices form the core of everyday activities; from our commitment to being paper-free, to only procuring low-energy office equipment, to proactive monthly maintenance and compliance checks. Information generated by these activities is reported quarterly to the Board.

Pricing

• Price: £1,000 an instance a year
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: 1 month trial in customer sandbox or live environment. Serves as demonstration of capability.

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at contact@uka2.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.