Unilink Software Ltd

Biometric Visit Systems for Prisons

Unilink’s secure biometric prison visit system is implemented in sixty establishments and is thoroughly reliable having been used continuously in the HSE since 2004/5. It enables the secure and efficient enrolment and release of prisoners, social and legal visitors, contractors and staff as well as linking to web-based visit booking.

Features

• Biometric tracking of prisoners and visitors into visits and exit
• 1:n biometric enrollment and identification of prisoners, visitors and staff
• Fingerprint enabled software security solution, ISO 27001 & 9001 certified
• Fast system throughout; 1-2 second response time for biometric identification
• Accurate fingerprint biometrics and digital facial images stored
• Huge variety of configurable local prison rules
• Alarms triggered if prisoner attempts to leave through wrong exit
• Integrated reporting tool delivers additional layer of security and intelligence
• Comprehensive visit booking capability: phone, online, patient self-service; third-party integration
• Range of hosting solutions including Unilink’s secure Azure cloud hosting

Benefits

• Biometric devices on all exits prevent escapes
• Identifies and bans visitors using false ID via biometric technology
• Accurate positive identity of visitors speeds up entry to visits
• Configurable visiting rules ensure safety of visitors, staff and inmates
• Comprehensive visits management software ensures smooth movement of visitors
• Each visit timed and logged giving complete history and intelligence
• Prisoners not required to wear bibs for identification, normalising visits
• Intelligence reports derived from visits identify visitors to multiple prisoners
• Tracks real-time location of prisoners and visitors, supporting crisis management
• Enables visits to be booked and confirmed over the web

£0.10 to £0.15 a person a day

• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  ODT

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at enquiries@unilink.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

477672139450468

Contact

Ann Caple
020 7036 3810
enquiries@unilink.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: The service has been designed to limit constraints, however, the service constraints will be largely dependent upon the client's chosen G-Cloud PaaS Hosting Provider
• System requirements:
  • Secure Windows or Android Terminal with anti-virus
  • Windows SQL cloud infrastructure
  • Available utilising Azure as a value added option

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: 1 hour but normally less. Users can log their support calls using the online portal and review their current status. Users cannot change their ticket priority, as this is determined by Unilink. Typically users do not use the online portal, rather they submit issues via email to the 24/7/365 Unilink helpdesk. This results in an improved service as any fault is correctly categorised and therefore resolved more quickly.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Onsite support
• Support levels: Service Support is offered through UK-based security cleared staff working within a ITILv3 Service Support model.; Service Level Agreements are negotiated directly with Unilink to achieve customer objectives of service availability, recovery time and backup objectives.; The Unilink Service Desk is the principal point of contact for all service users. Unilink currently provides ITIL aligned support services. ; ; Support is provided through a combination of Service desk, Email, Phone, Live chat and Onsite.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: The service is designed so that the On-boarding of customers can be completed within two or three months of the commencement date. ; ; In addition to standard training and documentation, online hosted videos describing the software are available over WebEx or over Unilink’s YouTube channel. With each establishment implementation Unilink also provides chargeable onsite training to meet standard customer needs.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • ODF
  • PDF
• End-of-contract data extraction: At any stage, user representatives are able to download case information to local storage and archive.
• End-of-contract process: The service can be terminated with one month’s notice. Hosting charges would be dependent on the length of time that data is retained on the Hosting Service. On termination, Unilink, in conjunction with the G-Cloud PaaS Hosting Provider will delete purge and destroy all information from the application and permanently remove it. At any stage, user representatives are able to download case information to local storage and archive. There are no termination costs.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
• Application to install: Yes
• Compatible operating systems:
  • Android
  • Windows
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The service has been optimised for mobile, desktop and secure kiosks
• Service interface: Yes
• User support accessibility: WCAG 2.1 A
• Description of service interface: Web browser interface as well as application to install. ; ; Designed for use on mobile devices.; ; The service has been optimised for mobile, desktop and secure kiosks.
• Accessibility standards: WCAG 2.1 A
• Accessibility testing: The service was tested at design stage and has been continually refined based on feedback from over 60 successful deployments
• API: Yes
• What users can and can't do using the API: Outline API functionality:; - Automatic creation of the prisoner record once the prisoner has been admitted in NOMIS to the relevant prison; - Automatic discharging of the prisoner record once the prisoner has been discharged in NOMIS from the relevant prison; ; API functionality enables:; - On-boarding of live roll from PNOMIS ; - Live roll information will be updated from PNOMIS
• API documentation: Yes
• API documentation formats: PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Every implementation is customised to ensure that it dovetails with each client's site specific processes and procedures. The Visits System is fully configurable and allows creation of custom visits rules to match establishment visit requirements. Some of these configurable features are: Prisoner and visitor warnings which prevent inappropriate visits from being booked e.g. for child protection. For instance the system will not allow a visit to be booked with an approved child visitor unaccompanied by their guardian. The age below which one is considered a child can be set by the establishment. Ability to ban or approve visitors, either individually or globally. Allows definition of prohibited and allowed visitor property. Information on booked visits can be displayed to the security and visits officer at the visits gate and visits hall, as well as in the visits reception on visitor entry. The system has a fully searchable database with an integrated report writing tool enabling intelligence gathering on prisoners and visitors.

Scaling

• Independence of resources: The service has been carefully architected with planned scaleability to ensure that users are not affected by the demand that other users are placing on the service.

Analytics

• Service usage metrics: Yes
• Metrics types: Service Metrics can be provided to clients based on their specific requirements
• Reporting types:
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Other
• Other data at rest protection approach: FIPS-assured encryption ; Secure containers, racks or cages
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: At any stage, user representatives are able to download case information to local storage and archive.
• Data export formats: Other
• Other data export formats: User defined
• Data import formats: Other
• Other data import formats: User defined

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

• Guaranteed availability: 99.99% Availability. Service Level Agreements are negotiated directly with Unilink to achieve customer objectives of service availability, recovery time and backup objectives. Financial Recompense Models covering the circumstances in which Service Levels are not met are negotiated directly with Unilink.
• Approach to resilience: G-Cloud PaaS Hosting Providers will provide Backup and Restore Services at the Secure Hospital /Agency level. These arrangements will be negotiated and captured within Service Level Agreements. Further, G-Cloud PaaS Hosting Providers will be required to provide Disaster Recovery Services. Again, these arrangements will have to be negotiated and captured within Service Level Agreements. Unilink is an ISO 27001 and Cyber Essentials Plus accredited organisation, meets ISO 9001 principles and has full continuity management plans which have been independently audited. The company operates from secure premises with redundancy built into systems, infrastructure and staffing. In the event of any disaster, Unilink will be fully operational within 24 hours. Further information is available on request.
• Outage reporting: Service outage reports are provided via both a public dashboard and email alerts.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: User access control within management interfaces and Administrator permissions are subjected to the following identity and authentication controls: ; Username and two-factor authentication; Limited access over dedicated link, enterprise or community network; Username and strong password/passphrase enforcement
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Dedicated link (for example VPN)

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users receive audit information on a regular basis
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Lloyds Register
• ISO/IEC 27001 accreditation date: 08/07/2020
• What the ISO/IEC 27001 doesn’t cover: Our ISO 27001 certificate covers all requirements except for 'A.14.2.7 Outsourced development' as we do not outsource any development work.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications: Cyber Essentials Plus

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Unilink is ISO 27001 and 9001 certified and is audited by Lloyds Register. Overseen by Unilink Information Security Board.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Unilink is an ISO 27001 accredited company that uses ITIL change management processes.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Registered with NCSC early warning service and CISP member for advanced warning of vulnerabilities. Internal security team works closely with supply chain partners such as Microsoft and Cisco to assess potential threats and implement mitigation measures including emergency patch deployment where advised to do so.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Undertake proactive security monitoring of internal network and monitoring tools deployed on customer installations
• Incident management type: Supplier-defined controls
• Incident management approach: ISO270001 compliant incident management and ITIL incident reporting process. Security incidents escalated to ISB.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: Yes
• Connected networks:
  • Public Services Network (PSN)
  • Other
• Other public sector networks: Other

Social Value

• Fighting climate change:

  Fighting climate change

  Unilink is passionate about the protection of the environment, which is why we have worked hard for our Carbon Neutral status—made official in, and maintained since 2020. Notably, our environmental commitments and policies are compliant with ISO:14001 standards. Through our ‘Green Team’ initiative, run by staff volunteers, we are constantly exploring the next steps in our journey toward minimising Unilink’s carbon footprint and environmental impact. A handful of actions forming our overall strategy include:; ; • Converting our fleet to electric cars;; • Installing solar panels for power generation at our offices;; • Rewarding staff through our cycle to work schemes;; • Embedding EnergyStar™ components into our Acante biometric kiosks; and,; • Taking close measurements of our carbon usage, investing into Verified Carbon Standard (VCS) reduction projects to counteract the impact Unilink makes.; ; Unilink has offset 240 metric tonnes of CO2 to date and planted over 240 trees in the UK toward rebuilding our damaged ecosystems. ; ; We are committed to reducing the environmental impact through our supply chain. We will create longer term & meaningful partnerships with suppliers to avoid lowest price transactional arrangements that don’t benefit the environment. We use our environmental expertise to help coach & mentor our Micro supply chain members. We will set objectives & plans to support this & then monitor progress to help improve practice.; ; We collect data on our efforts through a variety of channels, all of which are recorded in our Enterprise Data Management (EDM) system. Unilink supplies this information to clients and partners on a regular basis and invites all parties to suggest areas for improvement and initiative ideas to achieve this.
• Covid-19 recovery:

  Covid-19 recovery

  A key consequence of the Covid-19 pandemic has been the negative impact on mental health in addition to increased isolation. ; Alongside out partner Serco, Unilink helped develop the Vulnerability Predictor Tool (VPT). This web-based application analyses patterns of behaviour and identifies individuals who may be at likely to self harm or attempt to take their own life. Through analysis of interactions processed by Unilink’s Prisoner Self-Service Kiosks/In Cell Devices and held in Unilink’s Custodial Management System (CMS) database, at-risk individuals can be identified and offered the help they need. With further development, this tool could assist safeguarding in other environments as well.; Unilink supports staff who are vulnerable to Covid-19 or sheltering, as well as encouraging personal Covid-19 recovery. To achieve this Unilink introduced a flexible working policy to reinforce the importance of our teams’ work/life balance and enable staff to work from home by equipping them with technology and home office equipment. This allows staff to negotiate work hours which alternate from ‘core’ hours to better balance their personal lives and, where possible, lower the risk of contracting Covid during interactions with colleagues. ; Physical and mental wellbeing infrastructure has also been established throughout our organisation. This includes a platform for wellbeing feedback within our HR system (Natural HR) which is monitored weekly and actioned upon by our HR team. We circulate a weekly newsletter, providing information from every part of the company. The newsletter also highlights channels through which staff can access support. These channels range from contacting our HR team, or Samaritans, to making use of our Civil Service Sports Council (CSSC) Life membership. The latter provides a comprehensive health and wellbeing platform with a plethora of mindfulness workshops, courses, and support services offered to our team free of charge.
• Tackling economic inequality:

  Tackling economic inequality

  By converting to home-based working, Unilink have furthered our ability to recruit from more deprived areas of the UK than surround our various offices. By uplifting talented individuals from less advantageous locations, Unilink has embraced new voices into our organisation. Diversity of background is especially important because it supports our social purpose of helping rehabilitate those people in prison or on probation, who come from every type of background.; Our CEO mentors at the Imperial College London Imperial Venture Mentoring Service (IVMS). Through our apprenticeship programme, we nurture the interests of the next generation toward meaningful careers. We offer training plans for experience, personal development & professional qualifications, mentoring, rotation of different teams & departments. Apprentices are offered management support as well as regular constructive feedback alongside monitoring/review meetings throughout their placement with us.; One particularly disadvantaged group is that of prison leavers—to whom Unilink dedicate time and resources. We are currently offering our IT expertise to the charity Turnaround Project, who offer training and employment experience before people complete their sentences in order to ‘turnaround’ prison leavers’ future prospects. We are working with the Northern Ireland prison service on a pathfinder project to develop, at our cost, social media training for soon to be released prisoners to understand social media marketing for a small business they might set up outside of prison. Unilink make donations to various trusts and charities who work toward similar rehabilitation aims. The Koestler Trust, for example, promotes art in prisons. Our partnership with Code 4000 helps to teach software development and technical skills to prisoners during their time in custody. Upon completion of their sentence, 0% of these graduates have reoffended or returned to custody since the organisation’s conception in 2016. Other initiatives we support include The Longford Trust, Nepacs, Pact, and Key4Life.
• Equal opportunity:

  Equal opportunity

  Unilink believe everyone should have the chance to achieve their potential, and our Equality, Diversity, and Inclusion (EDI) Policy (sponsored by the Board) aims to achieve this in a variety of ways:; - Unilink actively encourage applications from a diverse range of candidates via specialist agencies/publications & using a diverse interview panel;; - Flexible working hours and work-from-home options ensure staff are not at a disadvantage due to disabilities, culture, or religious dependencies;; - We offer accessible working environments to support disabled team members;; - We offer WCAG 2.1A-compliant application forms/channels; our UX design take into account digitally excluded users; - We train employees on the benefits of diversity within the workforce, with annual training workshops for: anti-slavery and human trafficking; equality, diversity & inclusion; environmental impacts; and, sustainable procurement;; - Unilink embed our social values ethos via direct employee action, with a team of volunteer staff who regularly discuss our EDI policy and suggest improvements;; - Unilink welcomes and facilitates cultural celebrations within the workplace.; ; The positive impact of this work is measured through regular staff surveys which gauge the opinions of our team regarding the engagement with and embracing of EDI values. This data is segmented, analysed, and reviewd in regular meetings wherein our senior team can establish our plan of action moving forward. We additionally utilise our Human Resources (HR) System—Natural HR—to monitor the diversity of our workforce regarding the nine main protected characteristics.; ; Employees who suffer from any form of disability are offered HR check-ups from our Head of HR to ensure Unilink supply all necessary assistance/equipment necessary for the fulfilment of their role. This commitment can be traced back to our hiring practices, wherein Unilink takes great care in properly accommodating the needs of all candidates, ascertaining these well in advance of interviews.
• Wellbeing:

  Wellbeing

  Unilink has robust structures in place to support the wellbeing of our workforce and boost company-wide morale. Our HR system (Natural HR) invites daily feedback from staff regarding their wellbeing. This offers a release valve for staff, and ensures HR can assist the team, offer counsel, and put remedial measures in place for employees should they need it. All responses are monitored by our HR team and trends discussed at weekly meetings. Unilink’s Head of HR is responsible for undertaking wellness check-ups, and following up on concerns raised in Natural HR or directly with the HR team. Unilink offers membership of the Civil Service Sports Council (CSSC), and support via CSSC Life which provides a comprehensive health and wellbeing platform.; ; To support the work/life balance of our team, we have established a flexible working policy. Managers within Unilink are open to discussion regarding deviation from core hours in order for our staff to better support their personal lives. We also have a generous overtime payment policy. Any work beyond defined contractual hours will incur a higher rate of pay up to two times the employee’s hourly rate (depending on whether they are working a weekday, weekend, or Bank Holiday).; ; But Unilink is interested in more than our staff wellbeing and aim to support our communities as well. We encourage our team to play a role in the wider community and support their endeavours via direct and matched funding of any charitable event they wish to run. In the past this has involved sponsorship of local sports teams and youth football clubs, as well as Macmillan Coffee Mornings and Children in Need internal fundraising initiatives. We have sponsored events of an organisation in Scotland called “families outside” which helps friends and family stay in touch with their loved ones in prison.

Pricing

• Price: £0.10 to £0.15 a person a day
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: The service is available for up to six months free of charge to one establishment for use on a trial basis. All such trials are individually discussed due to the operational implications.

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  ODT

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at enquiries@unilink.com. Tell them what format you need. It will help if you say what assistive technology you use.