Phonehub IO Ltd

Prison Video - Secure Video Calls

Prison Video is a secure purpose-built video call system enabling fully-monitored "virtual visits" between prisoners and approved contacts, either social or professional.

Features

• High-quality secure encrypted video calls for prisoners.
• Live monitoring, recording, and device control.
• Automatic ID verification for external partcipants.
• Facial Recognition, nudity detection, and activity detection.
• One-way video option for high-risk/notorious prisoners.
• Manual booking managment system or fully automated bookings.
• Optional secure short-range wifi network with secure routers.
• Can be integrated with existing prison systems.
• Instant playback of recordings with timestamped events.
• Wide support for Android and iPhone including legacy devices.

Benefits

• Enhance decency by enabling family contact where visits otherwise impossible.
• Strengthen family ties in line with the Farmer Review recommendations.
• Alleviate prisoner stress, making the establishment safer for all.
• Simplify Covid19 and safety controls by grouping bookings by unit.
• Reduce staff resources by inteligently scheduling calls.
• Enable medical followups without the expense/risk of escorting prisoners.
• Prisoners unfamiliar with technology can easily use the service.
• Enable access to external legal support and other agencies.
• Purpose built in direct consultation with prison staff and governors.
• Enhance public protection with real-time controls.

£5 a unit

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at alex.redston@phonehub.io. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

421407462364565

Contact

Alex Redston
01603340589
alex.redston@phonehub.io

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Hybrid cloud
• Service constraints: None
• System requirements:
  • Android 6+ or iOS 10.2 and above for external user.
  • Broadband speed 0.8 Mbps up, 1.6 Mbps down per terminal

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: During normal business hours we aim to respond within 2 hours.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), 7 days a week
• Web chat support: Web chat
• Web chat support availability: 24 hours, 7 days a week
• Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
• Web chat accessibility testing: None
• Onsite support: Onsite support
• Support levels: We provide support for both prison staff by email and telephone call with remote access via VPN for technical support staff where required.; ; All prisons have a direct named contact who can be reached 7 days of the week.; ; Phone and email support goes directly to both technical and customer service team. All queries responded to rapidly, typically within 1 hour. Technical support available within similar timeframes.; ; We operate as a social venture putting social impact above profit, therefore we do not charge for technical support where it is our software or service which is at fault. Where equipment may have been damaged by prisoners or another external cause we will charge an appropriate amount to cover our reasonable expenses and the replacement of any items which have physically failed or been broken.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Onsite installation and training is provided for prison staff and management. Detailed documentation is included for reference, including training videos.; Documentation and instruction materials are provided for end users, including video guides.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Prison staff can, if required, extract data on video calls, including recordings, via the monitoring interface.
• End-of-contract process: Equipment not owned by prison is returned to the supplier. Mobile app functionality is disabled for that prison.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
  • Linux or Unix
  • MacOS
  • Windows
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Professional users can use the service from their work laptops, mobiles or tablets; ; Social users can access it from their mobile device / tablet via an app. Both methods are similar in user experience.
• Service interface: No
• User support accessibility: WCAG 2.1 A
• API: Yes
• What users can and can't do using the API: Usage reports, scheduling visits, adding identity documents, getting contacts lists, editing relationships, viewing and editing restrictions. Other customisations possible.
• API documentation: Yes
• API documentation formats:
  • HTML
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Prison Video can be customised on an individual establishment basis or an individual prisoner basis. High-risk populations such as sex offenders may have additional restrictions applied, including participant age detection and flagging, enhanced identification requirements, additional terms-of-use agreements at either end, and one-way video feeds. High-risk prisoners may also have customised restrictions in place.; ; All customisations are managed through the Prison Video management portal.; ; Restrictions can be managed by prison staff with the appropriate role.

Scaling

• Independence of resources: Capacity automatically scales to meet scheduled demand. All hardware and network connections are chosen to be highly scalable.

Analytics

• Service usage metrics: Yes
• Metrics types: Number and duration of video calls by time period.; Scheduling and capacity usage.; Security incidents, reasons for denied, paused, or terminated visits.; Data can be provided by individual user.; Other custom analytics can be provided upon request.
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
  • Other
• Other data at rest protection approach: FIPS-assured encryption.; Secure containers - racks or cages.
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Approved prison staff can export video recordings and data from the monitoring interface in encrypted format.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • Video files.e.g MP4, webm
  • Audio files
• Data import formats: Other
• Other data import formats: N/A

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: Services are available 365 days x 24 hrs with guaranteed SLA of 99.9% of availability.
• Approach to resilience: Available on request.
• Outage reporting: Email alerts.

Identity and authentication

• User authentication needed: Yes
• User authentication: 2-factor authentication
• Access restrictions in management interfaces and support channels: Two-factor authentication required to access management interfaces and support interfaces. Access is restricted using Role Based Access Control to approved user accounts, VLAN on the network and access to the network interface. Routing restrictions are in place with registered MAC addresses and access to the routers is restricted to admin's only. VPN's are in place to ensure the data is secure during transit.
• Access restriction testing frequency: At least every 6 months
• Management access authentication: Identity federation with existing provider (for example Google Apps)

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Lloyds Register
• ISO/IEC 27001 accreditation date: 05/07/2021
• What the ISO/IEC 27001 doesn’t cover: None of our business activities are not within the scope of our ISO 27001 certification. ; ; Our statement of applicability excludes outsourced software development, which we do not engage in. All development is done in-house.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: Yes
• Who accredited the PCI DSS certification: Security Metrics
• PCI DSS accreditation date: 04/02/2022
• What the PCI DSS doesn’t cover: N/A
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications: Penetration tested by an NCSC approved CHECK Certified company

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: We follow security processes as documented in our Information Security Management System (ISMS) Policy Manual, based on ISO27001 standards.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Phonehub IO Ltd has a formal documented Change Management process in place as defined in its ISO27001 management system. The Change Management Board (CMB) meet weekly to approve or reject requests for changes, to ensure the integrity of the process.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: For known product vulnerabilities we regularly apply all operating system and software updates. Daily automated third party vulnerability scanning using tenable.io
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Pervasive security controls with Next Generation Antivirus (NGAV); Endpoint Protection and Response (EDR); and Threat Graph
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Phonehub IO Ltd has a set of defined policies and procedures for incident management in accordance with ISO27001 best practice. The Information Security team will assess the seriousness of any situation and will take necessary action to limit any potential impact. All incidents are logged and reviewed.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Equal opportunity:

  Equal opportunity

  We prevent bias within employment by offering equal opportunities for vulnerable and disadvantaged groups; and never discriminating against protected characteristics. ; ; We work with prisons to create employment opportunities for prisoners in appropriate risk assessed positions.; ; We seek to employ neurodiverse individuals who face specific challenges in mainstream employment. The benefit is mutual, unlocking the hidden potential and unique perspectives of individuals with autism.; ; We provide an inclusive workplace, supporting our LGBTQ+ colleagues.

Pricing

• Price: £5 a unit
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at alex.redston@phonehub.io. Tell them what format you need. It will help if you say what assistive technology you use.