Tadaweb

Tadaweb

Tadaweb's operating system for OSINT streamlines open-source investigations. Optimising data collection, analysis and internet investigations. Features include efficient information gathering, persistent monitoring, protection of data, secure working environment and adherence to policy. The platform supports collaborative work, access to publicly and commercially available information and the generation of actionable insights.​

Features

• Secure working environment & evidential data capture
• Managed attribution internet access to clear, deep and dark web
• Library of PAI & CAI OSINT collection workflows
• Automated, persistent monitoring of online sources
• Customer self-service auditability of user actions
• Geosearch functionality enabled by Esri
• Multiple formats for manual and API data export
• Video content capture and analysis, including speech-to-text
• Data enrichment eg. OCR, translation, object recognition, metadata extraction

Benefits

• Managed attribution of online digital footprint
• Enables Internet Intelligence Investigations (iii) at depth and speed
• Library of workflows provides efficient collection and transformation of data
• Automated monitoring assures data capture in a volatile information environment
• Customisable administration and auditing functions to assure policy compliance
• Integrated pivoting between keywords, individual selectors and geographic regions
• Interoperable with third-party capabilities
• Continuous product and source development keeps ahead of dynamic requirements
• Fully integrated investigative and monitoring functionality
• Collection can be seamlessly integrated into other data programmes

£50,000 an instance a year

• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at gcloud@tadaweb.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

472310889338043

Contact

Ash Walker
+44 778 254 3617
gcloud@tadaweb.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: Whitelisting of platform and user IP addresses will be required.
• System requirements:
  • Browser: Chrome, Edge, or Firefox (latest version)
  • 8GB RAM and Intel i3 or equivalent
  • Minimum resolution to display platform properly: 1440x1024.
  • Optimal resolution: 1920x1080
  • Websockets must be enabled for your browser and network
  • Cookies and JavaScript enabled

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Initial response is provided within 1 working day (Mon-Fri). ; ; A full response and further detail will be provided following a internal triage and communication on the response within 4 working days (Mon-Fri).; ; As standard, no weekend response is expected, but may be provided.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Support provision is both technical and service support - the level of support is defined by the criticality and complexity of the support required. Initial response to all technical and service questions will be given within a day.; ; For technical support, incident resolution is within five days.; ; A customer success manager is aligned to each customer, and further service support can be purchased by the day.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: Initially new customers will begin with a kick-off meeting to provide an all-stakeholder introduction to Tadaweb and the Tadaweb platform, to give programme leads and user representatives a firm understanding of how the Tadaweb platform will enable their operations. It will then provide the chance for the customer team to raise implementation requirements and specify permissions to inform the subsequent technical discovery meeting. ; ; This meeting will also introduce the customer stakeholders to the Tadaweb Customer Success Manager to help establish lines of communication between Tadaweb and the customer team. ; ; This will be followed by a technical discovery meeting, focused on the initial implementation of the Tadaweb platform, the onboarding of users (including the administrator function) and any customer policy/security requirements that need to be incorporated into the training or product. ; ; The initial training design would have been refined during the kick-off meeting. The core design for the training is a one-day course delivered in person in our dedicated London training facility. Where necessary, this training can be adapted to be delivered remotely. This training focuses on the “user interface” of the platform.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: All customer content is available for extraction within 30 days of the end of the contract term.
• End-of-contract process: All customer content is removed from our systems and backups within 30 days of the end of the contract term.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: Our service interface offers a comprehensive solution for investigative and monitoring tasks. Users can execute complex searches across open source and publicly available information streams with minimal interaction effort. Our interface accommodates users of varying technical proficiency, enabling users to create, implement, and execute search workflows seamlessly integrating text and multimedia resources from various web sources.; We provide a managed attribution browser for secure and private navigation of both clear and dark web environments. Investigators can search, collect, refine, and extract data within a single system, reducing operational inefficiencies.
• Accessibility standards: None or don’t know
• Description of accessibility: Some sections of our product offer essential accessibility features like keyboard shortcuts, multilingual virtual keyboards, and search result translations. We provide captions and transcripts for video and audio content. Content readability is maintained for users with low vision or colour blindness, ensuring adequate contrast and clear typography. We also indicate visual focus on web components. Our navigation and layout facilitate easy access to content. ; ; Our product does not support assistive technology for browsing.
• Accessibility testing: None
• API: Yes
• What users can and can't do using the API: The Tadaweb API is a stateless RESTful API which allow users to leverage their data in a broader range of contexts. The Tadaweb API is a read-only API, so users cannot modify the platform, but can view and retrieve their own data, and selected reports. ; ; The API employs a secure token-based authentication system. To generate these tokens, users need to be granted the appropriate authorisation by the team administrator. The privilege to grant Tadaweb API access is exclusively held by the team administrator. This ensures a controlled and secure process.
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Our customisation capabilities are comprehensive.; Throughout navigation and data collection, users can modify the language in which they retrieve and consume information.; We offer services to integrate and expand available information sources as per our customers' requirements. ; Our system also provides role-based access control to manage settings, visibility, and audit information for team and workflow settings.

Scaling

• Independence of resources: Including using the Microsoft Azure infrastructure for its capacity, we are using several methods to protect the service for users. There are rate limits, service-oriented architecture, managed databases and Kubernetes technical methods, so that the benefits of that cloud infrastructure are maximised.

Analytics

• Service usage metrics: Yes
• Metrics types: Administrators can gain access to their own users actions and activities. More details available on request.

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Users can export their data via multiple methods. Users will be able to export data as a single report, create custom reports and export selected reports via API.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • JSON
  • PDF
  • Text
  • Word
• Data import formats: Other
• Other data import formats:
  • API Endpoint
  • Publicly available information

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
• Other protection within supplier network: TLS client server authentication

Availability and resilience

• Guaranteed availability: Platform availability is 99.9%
• Approach to resilience: Using Microsoft Azure datacentres provides an immediate level of physical resiliency and fault-tolerance. Tadaweb further uses zone-redundant storage, multiple availability zones, zone-redundant storage configurations within Azure blob, and high-availability options within CosmosDB.; ; Further information is available on request.
• Outage reporting: Reporting of outages will be managed by our customer success team via email, telephone or in person. Internally within the platform we have dashboards, alerts, API calls and monitoring systems monitored by a dedicated SRE team. We will strive to maintain open and transparent communication with the customer throughout the entire process. Regular updates, progress reports, and estimated resolution timelines are shared promptly.

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: Username and password
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: Between 6 months and 12 months
• Access to supplier activity audit information: You control when users can access audit information
• How long supplier audit data is stored for: Between 6 months and 12 months
• How long system logs are stored for: Between 6 months and 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: Cyber Security Essentials Plus
• Information security policies and processes: For our internal systems, we will have ISO27001 certification (certification June 2024) governed by our Chief Info Security Officer.; ; Our software service is not yet in ISO27001 scope. Our CTO is the top-level executive, and uses layered security, tracing, CVE scanning, minimum level rights, automated test suites, RBAC and an continuous review process.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: We apply ITIL change and configuration practices in compliance with ISO27001 standards.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: We monitor all threat via multiple sources of information and patch them accordingly. All vulnerabilities are immediately assessed and patched in regards to the criticality.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: We have a centralised monitoring and alerting system that raises tickets which are immediately processed by the corresponding team.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: We have a process in place to report incidents by the Customer Success team, with incident tracking and reporting towards resolution. The process triages and remedies according to severity.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Equal opportunity

  Fighting climate change

  Overseen by our Chief Technology Officer (CTO), Tadaweb is committed to optimising our cloud resource consumption for increased efficiency and to reduce the carbon emissions linked to our services. Our primary cloud provider is Microsoft Azure, which has been 100% carbon neutral since 2012. ; ; Microsoft has further commitments to sustainability including plans to replenish more water than it uses, achieve zero waste including electronics by 2030, and be carbon negative by 2030. Consequently, we have a neutral carbon footprint from the cloud computing energy consumed for our platform.

  Tackling economic inequality

  Tadaweb holds a Gold Award for the UK Armed Forces Covenant. We provide our employees who choose to become Reservists, with a generous Reserve Leave policy; as a result, several of our current employees are in the Reserves. We are also recognised for the support we provide to Regular military personnel as they as they transition from their military career to a civilian career.

  Equal opportunity

  We are a participant in the European Diversity Charter, and have active focus on this within hiring, promotion and inclusion.

Pricing

• Price: £50,000 an instance a year
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: For appropriately qualified customers, we are able to provide a structured trial program of all our licences. This could be a few weeks duration.

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at gcloud@tadaweb.com. Tell them what format you need. It will help if you say what assistive technology you use.