Xamine
A holistic data enabled public sector financial audit solution for capturing, extracting, validating, cleansing, formatting, interpreting, analysing and presenting data from a range of sources. Uses advanced analytics techniques to analyse and audit test whole financial transaction populations, identifying high-risk transactions, anomalies and potential irregularities for further human investigation.
Features
- Ingest and upload data from third-party financial systems and platforms
- Automation of extract, transform, load, validation and risk analytics processes
- Financial risk, anomaly and trend detection and assessment
- Compare sources, interim, final and previous years audits identifying outliers
- Automated thematic reporting, geographic mapping, trend analysis and dashboards
- Visualise and test rules across audit datasets
- Intuitive UI for filtering, data upload/update, and rule/alert creation
- Automation of financial audit, audit testing and audit reporting
- User and Role-based permission and data access management
- Automatic generation of journal summaries
Benefits
- Combined and reconciled data sources provide holistic view of organisations
- Automation of data ingestion and preparation delivers time efficiencies
- Automation of general ledger reconciliation and monetary unit sampling
- Automation of repetitive tasks improves auditor productivity freeing up time
- Safeguard quality with risk factors/thresholds amended across audit files
- Self-serve data upload and matching/joining reduces reliance on support
- Adding value through better fraud/data error detection and focussed activity
- Self-serve visualisations allow known and unknown insights to be gained
- Apply standard rules across different financial systems using common schemas
- Integrated review workflows provide traceability and audit assurance
Pricing
£3,333 to £5,000 a licence a month
Framework
G-Cloud 13
Service ID
424281417745346
Contact
Analytics Engines
Scott Fischaber
Telephone: 02890669022
Email: info@analyticsengines.com
Service scope
- Software add-on or extension
- No
- Cloud deployment model
-
- Public cloud
- Private cloud
- Community cloud
- Hybrid cloud
- Service constraints
- Planned maintenance is typically scheduled during Analytics Engines support hours.
- System requirements
- Debian or Red Hat OS operating systems
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- Responses to support emails are typically within 1 working day (normally within 1 hour).
- User can manage status and priority of support tickets
- No
- Phone support
- No
- Web chat support
- No
- Onsite support
- Yes, at extra cost
- Support levels
-
Analytics Engines provides basic support for the service, from level 1 to level 3 as part of the cost, and provides a technical account manager to oversee and manage the engagement.
Enhanced support (out of hours, phone, on-site, additional training) can be provided at additional cost.
- Support available to third parties
- No
Onboarding and offboarding
- Getting started
- User documentation is provided. Onsite or virtual training can be provided as described in the rate card.
- Service documentation
- Yes
- Documentation formats
- End-of-contract data extraction
- Any uploaded data and results can be extracted from the database upon contract termination in CSV format.
- End-of-contract process
-
At the end of the contract, the buyer should either renew their license with Analytics Engines or they should terminate usage of the service and export any data that they want from the system.
In the case of deployment within the buyer's systems, they should remove the service and provide Analytics Engines with confirmation that the service has been removed.
Where Analytics Engines hosts the service, we will shut down the service and delete the data.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Microsoft Edge
- Firefox
- Chrome
- Safari
- Application to install
- No
- Designed for use on mobile devices
- No
- Service interface
- Yes
- User support accessibility
- None or don’t know
- Description of service interface
- A service interface is provided to self-manage users and roles.
- Accessibility standards
- None or don’t know
- Description of accessibility
- The keyboard focus indicator is visible. When any component receives focus, it does not initiate change of context. The pages are titled. The purpose of links can be determined from their text. Headings describe their purpose. Changing the setting of any user interface component does not automatically cause a change of context.
- Accessibility testing
- None
- API
- Yes
- What users can and can't do using the API
- Xamine provides RESTful APIs for all of the functionality of the front-end application which can be accessed by the user if desired.
- API documentation
- Yes
- API documentation formats
- Open API (also known as Swagger)
- API sandbox or test environment
- No
- Customisation available
- Yes
- Description of customisation
- Xamine allows users to create their own rules which can be applied as part of the audit process. This can be configured by individual auditors or administrators.
Scaling
- Independence of resources
- Each customer has its own service; individual users can be throttled to ensure their usage doesn't impact others.
Analytics
- Service usage metrics
- Yes
- Metrics types
- Service metrics are available for the uptime of Xamine and user usage. Data can be stored on access to the APIs and status of various tasks provided within the service for administrative and security reasons. The data can be provided as logs, fed to upstream systems, or aggregated for analysis within dashboards.
- Reporting types
- Reports on request
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- Up to Security Clearance (SC)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
-
- United Kingdom
- European Economic Area (EEA)
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- In-house
- Protecting data at rest
-
- Physical access control, complying with another standard
- Encryption of all physical media
- Data sanitisation process
- Yes
- Data sanitisation type
- Deleted data can’t be directly accessed
- Equipment disposal approach
- A third-party destruction service
Data importing and exporting
- Data export approach
- Users can download their results in various formats via the web-application or API.
- Data export formats
- CSV
- Data import formats
-
- CSV
- Other
- Other data import formats
- JSON
Data-in-transit protection
- Data protection between buyer and supplier networks
-
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
- Data protection within supplier network
- TLS (version 1.2 or above)
Availability and resilience
- Guaranteed availability
- High-Availability can be provided on demand based on customers' specific application demands, but target availability better than 95% is expected. In the event of a business critical fault within Xamine, Analytics Engines will provide a response from front line support within 1 business day (Normal response time is 1 hour) outlining resolution steps. Events are expected to be resolved within 2 business days of resolution plan providing at least a workaround to downgrade the criticality. This SLA covers the Xamine software solution. This SLA does not cover services provided by the customer or other 3rd parties that Xamine (e.g. Cloud/Server infrastructure, API availability, Data Changes, DB access, etc.). This SLA does not cover Incidents caused by User’s negligence, abuse, misapplication or use of the Xamine service other than as specified in the Xamine Service Description or other causes beyond the control of Xamine.
- Approach to resilience
- Once on-boarded, Xamine installation and configuration is completely automated. In the event of a catastrophic system failure the complete system can be retargeted to a new environment (Cloud, virtual machines, etc) and be redeployed. This process typically takes 2 hours to complete at which point backup data can begin to be loaded. The Xamine database and data store are separated from the application which allows normal IT management including backup/restore following the business unit policies for the configuration of Xamine. In the event of a backup recovery being required the backup data is used to re-populate Xamine to the previous backup snapshot.
- Outage reporting
- Xamine includes a monitoring component. The monitoring component can provide a dashboard or API that users can log into to see reports and charts regarding service availability and any outages. Email alerts can be configured.
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Identity federation with existing provider (for example Google Apps)
- Username or password
- Access restrictions in management interfaces and support channels
- Management interfaces require authentication in the form of either username/password or public key authentication; management users are assigned a specific role which enables interaction with these interfaces.
- Access restriction testing frequency
- At least once a year
- Management access authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Identity federation with existing provider (for example Google Apps)
- Username or password
Audit information for users
- Access to user activity audit information
- Users contact the support team to get audit information
- How long user audit data is stored for
- User-defined
- Access to supplier activity audit information
- Users contact the support team to get audit information
- How long supplier audit data is stored for
- User-defined
- How long system logs are stored for
- User-defined
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- BMTrada
- ISO/IEC 27001 accreditation date
- 01/09/2020
- What the ISO/IEC 27001 doesn’t cover
- All of Analytics Engines operations and provision of data and analytics software and services are included in the scope.
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- Yes
- Cyber essentials plus
- No
- Other security certifications
- No
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
-
- ISO/IEC 27001
- Other
- Other security governance standards
- We are accredited with Cyber Essentials.
- Information security policies and processes
-
Analytics Engines have a policy manual in place which demonstrates how the company meets the requirements of the Information Security Management System – ISO 27001.
It includes the policy, responsibilities, and acts as a signpost to related system documentation.
Policy and Procedure Documents
Policy and Procedure Documents have been prepared to cover situations where their absence could lead to deviations from the company’s Information Security objectives and would introduce or elevate Information Security risks to unacceptable levels. These include: Access Control Policy, Backup and Restore Policy, Capacity Planning Policy, Change Management Policy, Credential Management Policy, Data Encryption Policy, Data Retention & Destruction, Document Control Policy, Human Resources Security Policy, Incident Management Policy, Logging and Monitoring Policy, Malware Control Policy, Patch Management Policy.
Internal Management
Analytics Engines has an ISMS owner who is responsible for the day-to-day tasks of ISO 27001.
Ultimate responsibility of the system lies with the Directors of the company. We have assigned IT team members who deal with technical tasks on a daily basis.
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
-
Service components are versioned and kept under source control in private software repositories.
A staging/pre-production system is maintained which is updated with the most recent build each night. All code changes are reviewed for functionality and security before being released to staging.
Any changes to production service components are subject to buyer user review and functional regression testing on this staging system prior to release to production.
- Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
-
Vulnerability management patching follows ISO 27001 processes. Potential threats to the Xamine service are identified through a variety of means, including regular Penetration Testing, subscription to industry standard threat information system vulnerability listings, and regular OS and software level release information.
Our aim is to patch critical vulnerabilities within 14 days, ideally within 7 days.
- Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
-
The service collects relevant accounting and audit information. Administrators can examine the audit information and in the case of finding any suspicious activity request support from Analytics Engines for further investigations.
Specific triggers and alerts can be defined in collaboration with the buyer.
Where possible the system will be locked down while analysis of compromises takes place before being restored - where possible from a backup prior to any compromise.
- Incident management type
- Supplier-defined controls
- Incident management approach
-
Incident management events are captured following an ISO27001 policy. Users (internal, external) have a specified contact for incident management reports.
Once an incident is raised, an investigation is started to look into an event; determine scope and scale of the incident; and devise response timelines and strategy. Once an investigation is concluded a report is generated which can be provided to the user.
Secure development
- Approach to secure software development best practice
- Conforms to a recognised standard, but self-assessed
Public sector networks
- Connection to public sector networks
- No
Social Value
- Fighting climate change
-
At Analytics Engines we believe a healthy environment is necessary for the wellbeing of society, our people and our business. We therefore:
- Promote environmental awareness among our employees and encourage them to take action - work from home, cycle to work, online meetings, etc.
- Are working to establish a baseline for our impact to enable us to measure and improve with a target for reaching net zero.
- Communicate environmental commitment to clients and encourage them to support it
- Minimise our waste, energy usage, and CO2 emissions and recycle as much as possible.
We deliver digital projects that equip our clients to make better data driven decisions, improving operational efficiencies and removing the need for large sets of paper documentation. We work with our clients to implement solutions which are efficient for their problem and support them with their own reduction targets.
- Covid-19 recovery
-
We continue to work with a range of public sector organisations delivering data analytics solutions and support that enables them to better understand the impacts of the pandemic and to make data based policy and decisions about the nature of support they will implement.
We supported The National Gallery London through their re-opening after lockdown ensuring that they had the data tools necessary to support decision making and their single source of data truth within the organisation.
We also supported Innovate UK in responding to their largest ever application for grant funding via their Covid-19 Business Lead Research call; our solution enabled them to process the grant applications in record time and get money out to the organisations who needed it.
At Analytics Engines, we have been supportive of our staff needs in response to Covid-19 including working from home, flexible hours, re-organisation of the office-space for safe working, and were able to keep all of our staff employed throughout the pandemic.
- Tackling economic inequality
-
As a rapidly growing Belfast based company in a high growth technology sector we always seek to create employment and training opportunities locally. We have strong links with the local universities and take on industrial placement students and interns most years.
We have directly supported a number of new/small businesses (across finance, real-estate, identity management, and others) through the development of their initial product offering, enabling them to onboard customers or prove concepts to raise investment. This has generated jobs locally and across the UK for these companies.
We are also open to working and partnering with new and small businesses to enhance our delivery capability and provide them with opportunities for growth. We have led delivery of public sector contracts where we have established a consortium of partners ensuring a diverse supply chain for delivery to the department, ensuring a fair, honest, and transparent engagement and approach with these partners.
- Equal opportunity
-
We aim to be an equal opportunities employer and we are determined to ensure that no applicant or employee receives less favourable treatment on the grounds of gender, age, disability, religion, belief, sexual orientation, marital status, or race, or is disadvantaged by conditions or requirements which cannot be shown to be justifiable.
We publicise this within our job posts and ensure that interviewing panels are aware of our obligations and goals.
We also support our staff through their own development and progression, allowing them to move into higher paid grades and develop new skills. This is formally part of our employee annual review process.
When on-boarding new suppliers, we have a checklist of questions including their modern slavery policies, ensuring that our supply chain adheres at least to our own high standards around this.
- Wellbeing
-
We are committed to providing a healthy working environment and improving the quality of working lives for all of our staff. Wellbeing is integrated into all employment, projects and company activities, and to support our employee wellbeing, we have the following measures in-place:
- Flexible holidays
- Flexible working
- Health insurance / gym membership
- Mental health helpline
- Support for personal charitable time
Pricing
- Price
- £3,333 to £5,000 a licence a month
- Discount for educational organisations
- No
- Free trial available
- No