Pontus Vision

Data Asset Management

System of records for a register of processes and activities (RoPA), Data Sources, Risks, and Mitigations. Enables customers to create a data catalogue about all Personal Data within an Organization.

Features

• GDPR-compliant register of processes and activities
• Automated Privacy impact assessment reports
• 'Green Blockchain' Audit Trails to prove DSAR and Consent events
• Security Risk Management
• Open Source Platform deployable on prem or Cloud
• Uses Home Office's POLE model in a Graph Database
• GDPR Compliance Scores following the 12 Steps from the ICO
• Data Asset Management, cataloguing data sources within the organisation
• Get PII from unstructured text and images
• Modular serverless architecture saves on operational costs and increases security

Benefits

• Quickly view Legal and Security Risks from a single Dashboard
• Receive Alerts for KPIs outside normal parameters
• Get DSAR information at the touch of a button
• Keep track of Data Awareness within the organisation
• Get irrefutable proof of compliance requests (DSAR/Consent)
• Easy integration with existing data sources
• Automated report of stolen data for data breaches
• Automate workflows for DSAR requests
• Get risk and mitigation recommendations from similar areas

£250.00 a unit a month

• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at lmartins@pontusvision.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

461520773248426

Contact

Leonardo Martins
+44 799 0576063
lmartins@pontusvision.com

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
• Service constraints: The pricing model depends largely on volumes of data ingested and stored in the platform; as such, we transparently pass on these costs to the customer, with an added support cost on top of it.; ; The current solution is serverless, and currently must be deployed on AWS; however it is also fully containerised, enabling easy deployment on Kubernetes clusters
• System requirements:
  • Must be deployed on AWS or Kubernetes clusters
  • Open Source licensing (Apache / MIT) licenses
  • VPNs/VPC peerings to bring in external data are not included

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Response times vary from 1 hour to 1 week depending on the severity of the issue, and the support level agreement. 24x7 support is available as an option.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: No
• Web chat support: Yes, at an extra cost
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: We utilise Slack or Teams as a web chat mechanism.
• Web chat accessibility testing: No tests have been done directly; we rely on Slack / Microsoft Teams to provide the appropriate interfaces.
• Onsite support: Yes, at extra cost
• Support levels: Base support level: ; 9-5 week days only; SLAs: 1 week - level 3 issues, 3 days level 2 issues, 1 day level 3 issues ; Cost: included in the SaaS price; ; Premium support:; 24/7; SLAs: 1 week level 3 issues, 1 day level 2 issues, 4 hours level 1 issues; Cost: Pre-arranged blocks of time and materials at GBP 1200/day pro-rata on an hourly basis
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Online training is provided as part of the SaaS fees.
• Service documentation: Yes
• Documentation formats: Other
• Other documentation formats: Markdown on github
• End-of-contract data extraction: Via API Gateway APIs, or by creating an AWS EFS backup from the storage used by the stateful components.
• End-of-contract process: We transparently pass AWS costs to the customer plus a 20% support fee on top. Our platform is serverless, and makes efficient use of resources, leading to minimum costs of $250/month to run the service.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Screen will be displayed differently; there is also the ability to create mobile-specific dashboards with different information layouts
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: The main interface is web-based using the open-sourced Grafana dashboard
• Accessibility standards: None or don’t know
• Description of accessibility: Admins can assign users to different groups, which can then be added to different access control lists to read/write/administrate portals.
• Accessibility testing: No testing has been performed.
• API: Yes
• What users can and can't do using the API: Users can deploy new modules using standard AWS SDK APIs; we also provide APIs via AWS's API Gateway that enable users to ingest and retrieve data from the platform.
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Users have complete freedom to customize the Dashboard; it has a drag and drop interface that enables new panels and widgets to be configured, and new dashboards created / destroyed.

Scaling

• Independence of resources: Each user has a segregated environment. Our whole architecture, including the graph database can be deployed in a serverless manner, or as kubernetes pods that can scale on demand.

Analytics

• Service usage metrics: Yes
• Metrics types: We use AWS cloudwatch dashboards to provide the service metrics; business KPIs are stored in AWS's timestream
• Reporting types:
  • API access
  • Real-time dashboards

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: In-house
• Protecting data at rest:
  • Encryption of all physical media
  • Other
• Other data at rest protection approach: We utilize AWS's IAM Policies and KMS encryption to encrypt all data at rest, and control access to it.
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Data may be exported via API calls (in CSV or JSON formats), or via AWS's EFS backup APIs.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • JSON
  • Graphson
• Data import formats:
  • CSV
  • Other
• Other data import formats: JSON

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
• Other protection between networks: We also protect the data using IAM Policies, Security Groups, and NACLs
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Other
• Other protection within supplier network: We also protect the data using IAM Policies, Security Groups, and NACLs

Availability and resilience

• Guaranteed availability: We utilize AWS's API Gateways, Lambdas, EFS, S3 Buckets for resilience. These can provide at least 99.9% of a availability.
• Approach to resilience: The whole platform is serverless and fronted by AWS API Gateways. EFS storage can be replicated across several data centres.
• Outage reporting: We have healthcheck APIs; AWS also offers a public dashboard to show any service outages.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
  • Other
• Other user authentication: Open ID (with JWT Tokens) and AWS IAM are also supported.
• Access restrictions in management interfaces and support channels: Via IAM Roles, and Group memberships / ACLs in grafana.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
  • Other
• Description of management access authentication: Open ID (JWT Tokens) and /or AWS IAM

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications: The service is AWS cloud native covered by their certifications.

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: We utilise ISO 27001 principles, but have not been officially certified.
• Information security policies and processes: The CTO is directly responsible for the security policies and processes. We utilize AWS's 5 pillar best practises for our deployments.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: All code is stored in Git, and Pull requests with peer reviews are required before the code can be promoted. The CI/CD pipeline automatically runs unit/integration tests and automatically tags docker images/lambda deployments.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: We automatically check for CVEs using services such as snyk and AWS's ECR scanner. We also use Github's depend a bot to scan for language-specific vulnerabilities, and provide patches within 72 hours of a CVE
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We utilise AWS's facilities such as Guard Duty and Security Hub, combined with StreamAlert these are optional and will incur additional costs.
• Incident management type: Undisclosed
• Incident management approach: We utilise our support system as a vehicle to receive incidents from customers. Incident reports are provided in a post-mortem style with a root cause analysis.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Equal opportunity

  Equal opportunity

  Our solution enables GDPR compliance giving citizens equal opportunity to exercise their rights to control the use of their personal data.

Pricing

• Price: £250.00 a unit a month
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: We have full instructions on how to download and install a fully functional environment in a local kubernetes cluster.
• Link to free trial: https://github.com/pontus-vision/pontus-vision/blob/main/README.md

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at lmartins@pontusvision.com. Tell them what format you need. It will help if you say what assistive technology you use.