Crossword Cybersecurity Plc

Identiproof

Identiproof provides an easy to use and quick to implement digital identity solution for credential issuers, holders and verifiers that supports the W3C Verifiable Credentials model, and other relevant standards.

Features

• Automate cumbersome workflows
• Easy integration through REST API
• Fully encrypted credentials
• Instant credential creation and verification
• VC issuer service/API for integrating this with your user database
• VC wallet for users with iPhones and Android smartphones
• Verifier web service/API
• Verifier app for iPhones/Android tailored specifically to a service

Benefits

• Replace physical credentials with secure forgery proof digital credentials
• Streamline credential issuing processes
• Eliminate fraud
• Significantly reduce costs
• Supports self sovereign identity putting the individual in control
• Fully GDPR compliant and privacy preserving
• Designed for interoperability with other systems

£12,000 a licence a year

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at richard.page@crosswordcybersecurity.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

411687137332717

Contact

Richard Page
0333 090 2587
richard.page@crosswordcybersecurity.com

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Hybrid cloud
• Service constraints: None
• System requirements: Browser based SaaS solution - no system requirements

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: User support, including telephone and email support for up to two named Customer “super-users” during Business Hours (meaning 9.00am to 5.30pm (GMT) on Business Days).
• User can manage status and priority of support tickets: No
• Phone support: No
• Web chat support: No
• Onsite support: No
• Support levels: User support, including telephone and email support for up to two named Customer “super-users” during Business Hours (meaning 9.00am to 5.30pm (GMT) on Business Days).
• Support available to third parties: No

Onboarding and offboarding

• Getting started: Crossword will work with the customer and provide implementation services to connect our cloud based API to your database
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: The service does not store any data
• End-of-contract process: We would simply remove the service

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: Our REST API connects to your database that contains the information needed to generate the credentials. It is a simple API with just two calls making it straightforward to implement
• API documentation: Yes
• API documentation formats: PDF
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: Any credential can be customised to suit business requirements. Any attributes can be created as part of the credential. Look and feel can be customised, including the mobile wallet

Scaling

• Independence of resources: We run a separate tenant for each customer and ensure that the service is provided with enough capacity. Demand from other users does not affect the platform

Analytics

• Service usage metrics: Yes
• Metrics types: We can provide details of the logins, number of assessments sent, completed, outstanding. The software provides tracking of the whole end to end processes.
• Reporting types: Real-time dashboards

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest: Encryption of all physical media
• Data sanitisation process: No
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: There is no data stored by the service
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Service Credits are calculated as a percentage of the total charges paid by the Customer for the Services for the Quarter in which the error occurred in accordance with the below. ; ; =>90.0% but < 95.0% - 20%; Less than 90.0% - 40%; Less than 50% - 80%; ; To receive a Service Credit, Customer must submit a claim in writing. To be eligible, the credit request must be received by Crossword no later than 30 days after receipt by Customer of the management information for the relevant period. Any credit request must include:; ; i. the words “SLA Credit Request” in the subject line; and; ii. the dates and durations of each period of Downtime.; ; b. Crossword will issue the Service Credit to the Customer within one month of the confirmation by Crossword of the Customer’s request. ; c. Crossword will apply any Service Credits only against future payments otherwise due from the Customer. At Crossword’s discretion, Crossword may issue the Service Credit to the billing details the Customer used to pay for the billing cycle in which the error occurred. Service Credits may not be transferred or applied to any other account.
• Approach to resilience: Available on request
• Outage reporting: Through email alerts

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: Support Administrator (Crossword); 1. Two factor via IP restriction; 2. Minimum password requirements; 3. No access to user assessment data, only general account information.; 4. No database access; 5. No full-deletion capability; ; Development Administrator (Crossword); 1. Minimum password requirements; 2. Two factor via mobile phone; 3. Restricted to two administrators only; 4. Full database access
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Username or password
  • Other
• Description of management access authentication: IP Restriction

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications: IASME Governance Certification

Security governance

• Named board-level person responsible for service security: No
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: Cyber Essentials and Cyber Essentials Plus; IASME Governance
• Information security policies and processes: Crossword has a CISO within the business. The security risk committee operate a set of security policies and processes that are regularly reviewed. Users undergo annual security awareness training. Our policies and processes are independently assessed for our IASME governance certification

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Patches
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Rizikon is scanned continuously for vulnerabilities using SonarQube, identified vulnerabilities are categorised according to CWE and then mitigated according to the seriousness of the vulnerability.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Monitoring is performed using AWS Cloudwatch. Crossword follows our incident response plan to escalate any perceived incidents. Incidents are responded to within 24hrs
• Incident management type: Supplier-defined controls
• Incident management approach: Crossword maintains an incident management policy . Users report incidents via email or through our support ticketing system. Incident reports are provided via email to our customers.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Covid-19 recovery:

  Covid-19 recovery

  Crossword is a growth business and as such are helping with the Covid-19 recovery through the creation of jobs in the labour market. This creates employment, re-training and other return to work opportunities for; those left unemployed by COVID-19, particularly new opportunities in high; growth sectors such as cyber security.

Pricing

• Price: £12,000 a licence a year
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: A proof of value can be provided in exceptional circumstances

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at richard.page@crosswordcybersecurity.com. Tell them what format you need. It will help if you say what assistive technology you use.