Skip to main content

Help us improve the Digital Marketplace - send your feedback

Crossword Cybersecurity Plc

Identiproof

Identiproof provides an easy to use and quick to implement digital identity solution for credential issuers, holders and verifiers that supports the W3C Verifiable Credentials model, and other relevant standards.

Features

  • Automate cumbersome workflows
  • Easy integration through REST API
  • Fully encrypted credentials
  • Instant credential creation and verification
  • VC issuer service/API for integrating this with your user database
  • VC wallet for users with iPhones and Android smartphones
  • Verifier web service/API
  • Verifier app for iPhones/Android tailored specifically to a service

Benefits

  • Replace physical credentials with secure forgery proof digital credentials
  • Streamline credential issuing processes
  • Eliminate fraud
  • Significantly reduce costs
  • Supports self sovereign identity putting the individual in control
  • Fully GDPR compliant and privacy preserving
  • Designed for interoperability with other systems

Pricing

£12,000 a licence a year

  • Education pricing available
  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at richard.page@crosswordcybersecurity.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

4 1 1 6 8 7 1 3 7 3 3 2 7 1 7

Contact

Crossword Cybersecurity Plc Richard Page
Telephone: 0333 090 2587
Email: richard.page@crosswordcybersecurity.com

Service scope

Software add-on or extension
No
Cloud deployment model
  • Public cloud
  • Private cloud
  • Hybrid cloud
Service constraints
None
System requirements
Browser based SaaS solution - no system requirements

User support

Email or online ticketing support
Email or online ticketing
Support response times
User support, including telephone and email support for up to two named Customer “super-users” during Business Hours (meaning 9.00am to 5.30pm (GMT) on Business Days).
User can manage status and priority of support tickets
No
Phone support
No
Web chat support
No
Onsite support
No
Support levels
User support, including telephone and email support for up to two named Customer “super-users” during Business Hours (meaning 9.00am to 5.30pm (GMT) on Business Days).
Support available to third parties
No

Onboarding and offboarding

Getting started
Crossword will work with the customer and provide implementation services to connect our cloud based API to your database
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
The service does not store any data
End-of-contract process
We would simply remove the service

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
Application to install
No
Designed for use on mobile devices
No
Service interface
No
User support accessibility
None or don’t know
API
Yes
What users can and can't do using the API
Our REST API connects to your database that contains the information needed to generate the credentials. It is a simple API with just two calls making it straightforward to implement
API documentation
Yes
API documentation formats
PDF
API sandbox or test environment
No
Customisation available
Yes
Description of customisation
Any credential can be customised to suit business requirements. Any attributes can be created as part of the credential. Look and feel can be customised, including the mobile wallet

Scaling

Independence of resources
We run a separate tenant for each customer and ensure that the service is provided with enough capacity. Demand from other users does not affect the platform

Analytics

Service usage metrics
Yes
Metrics types
We can provide details of the logins, number of assessments sent, completed, outstanding. The software provides tracking of the whole end to end processes.
Reporting types
Real-time dashboards

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
Encryption of all physical media
Data sanitisation process
No
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
There is no data stored by the service
Data export formats
CSV
Data import formats
CSV

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
Service Credits are calculated as a percentage of the total charges paid by the Customer for the Services for the Quarter in which the error occurred in accordance with the below.

=>90.0% but < 95.0% - 20%
Less than 90.0% - 40%
Less than 50% - 80%

To receive a Service Credit, Customer must submit a claim in writing. To be eligible, the credit request must be received by Crossword no later than 30 days after receipt by Customer of the management information for the relevant period. Any credit request must include:

i. the words “SLA Credit Request” in the subject line; and
ii. the dates and durations of each period of Downtime.

b. Crossword will issue the Service Credit to the Customer within one month of the confirmation by Crossword of the Customer’s request.
c. Crossword will apply any Service Credits only against future payments otherwise due from the Customer. At Crossword’s discretion, Crossword may issue the Service Credit to the billing details the Customer used to pay for the billing cycle in which the error occurred. Service Credits may not be transferred or applied to any other account.
Approach to resilience
Available on request
Outage reporting
Through email alerts

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels
Support Administrator (Crossword)
1. Two factor via IP restriction
2. Minimum password requirements
3. No access to user assessment data, only general account information.
4. No database access
5. No full-deletion capability

Development Administrator (Crossword)
1. Minimum password requirements
2. Two factor via mobile phone
3. Restricted to two administrators only
4. Full database access
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Username or password
  • Other
Description of management access authentication
IP Restriction

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
Yes
Cyber essentials plus
Yes
Other security certifications
Yes
Any other security certifications
IASME Governance Certification

Security governance

Named board-level person responsible for service security
No
Security governance certified
Yes
Security governance standards
Other
Other security governance standards
Cyber Essentials and Cyber Essentials Plus
IASME Governance
Information security policies and processes
Crossword has a CISO within the business. The security risk committee operate a set of security policies and processes that are regularly reviewed. Users undergo annual security awareness training. Our policies and processes are independently assessed for our IASME governance certification

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Patches
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Rizikon is scanned continuously for vulnerabilities using SonarQube, identified vulnerabilities are categorised according to CWE and then mitigated according to the seriousness of the vulnerability.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Monitoring is performed using AWS Cloudwatch. Crossword follows our incident response plan to escalate any perceived incidents. Incidents are responded to within 24hrs
Incident management type
Supplier-defined controls
Incident management approach
Crossword maintains an incident management policy . Users report incidents via email or through our support ticketing system. Incident reports are provided via email to our customers.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks
No

Social Value

Covid-19 recovery

Covid-19 recovery

Crossword is a growth business and as such are helping with the Covid-19 recovery through the creation of jobs in the labour market. This creates employment, re-training and other return to work opportunities for
those left unemployed by COVID-19, particularly new opportunities in high
growth sectors such as cyber security.

Pricing

Price
£12,000 a licence a year
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
A proof of value can be provided in exceptional circumstances

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at richard.page@crosswordcybersecurity.com. Tell them what format you need. It will help if you say what assistive technology you use.