Aiimi Ltd

Aiimi Insight Engine – Data Privacy & Compliance

The Aiimi Insight Engine is our unique discovery platform. It works alongside you, using artificial intelligence to identify personal data across all of your data sources. Providing SAR collection, redaction and disclosure capability, along with compliance auditing and actions for remediating non-compliant data, with a simple and slick user interface.

Features

• GDPR and PCI Risk Dashboarding and Mitigation
• Multi-Source document and data cataloguing and discovery
• Collection of information for response to SARs (DSARs)
• Highlighting of people, organisations, places and personal data
• Mark for redaction (Redlining) and burn-in to PDF
• AI Support for sensitive language discovery
• Export data records to PDF
• SAR (DSAR) deadline extension
• Disclosure Portal for subject use
• Extensible to cover other regulatory frameworks such as Export Control

Benefits

• Find content across multiple sources quickly and easily
• Find data alongside documents in one search
• Protect third person information reliably
• Rapid machine assisted redaction
• Multi-factor subject authentication
• Easy to use by untrained subjects and by internal staff
• Allows centralisation of the discovery and disclosure process
• Supports right to be forgotten processes

£33,000 to £33,000 a unit a year

• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at meustace@aiimi.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

516895060987683

Contact

Matt Eustace
+447919330081
meustace@aiimi.com

Service scope

• Software add-on or extension: Yes
• What software services is the service an extension to: Aiimi Insight Engine – Search & Discovery
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Hybrid cloud
• Service constraints: No significant constraints.
• System requirements: Requires either Windows or Linux operating systems

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: P1 - 30 Minutes; P2 - 2 Hours; P3 - 4 Hours; P4 - 8 Hours; Within UK business hours.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Onsite support
• Support levels: Support is provided by our UK based service desk and by dedicated DevOps engineers. We provide support at 10% of the license cost (note that example license pricing provided here includes this 10%). DevOps engineers are aligned to specific customers and provide personalised support.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: There are two sets of users that are involved in the Insight Engine onboarding process; Insight Engine administrators (i.e. those responsible for administering the Insight Engine service for their respective organisation), and end users (i.e. those who will use the service to perform their role).; ; For Insight Engine administrators, user friendly, high quality documentation and guidance materials are provided and cover the following areas: installation, configuration, testing, and security. FAQ’s and help pages are also available.; ; Knowledge articles and demonstration materials exist for core Insight Engine Applications designed to educate and raise awareness to end users with an engaging overview of what the platform functions are, for what purpose, and how these can be used. Moreover, user experience is a core focus for all Insight Engine product development efforts, ensuring the service is as intuitive and easy to use as possible.; ; End users and administrators also have access to an online Insight Engine community whereby knowledge articles are shared. This also exists as a forum for sharing questions and getting in touch with dedicated Aiimi Insight Engine experts who are on hand to offer best practice guidance and advice.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: The service does not hold the original data, it's simply an index of the text from the source, therefore there is no need to extract the index.; ; The index may be enriched with metadata by Insight Engine, or by users of the software. This information can be provided at the end of the service term in CSV format as part of the service close down. There is no charge for provision of this information.
• End-of-contract process: Included in the price of the contract:; ; At the end of the contract, Insight Engine components and Elasticsearch will be uninstalled and all access to applications revoked.; ; Elasticsearch components will be removed from the instance:; ; The Elasticsearch instance will be closed down and the data held will be deleted.; Customer can retain all main indices within Elasticsearch in CSV format. These exports contain the indices, the data outputs from the crawling and enrichment, text content and specify any classification applied to documents. ; ; Data can be exported using a CSV export utility that will output the attributes of documents enabling the administrator to select what attributes to be exported :; ; Elasticsearch nodes will be closed down and removed from any servers that they are installed on.; Elasticsearch service will be closed down.; Kibana service will be closed down.; ; The Aiimi Insight Engine (AIE) components that will be removed include:; ; Aiimi Insight Engine Logs:; Log production will cease.; Historic Aiimi Insight Engine logs will be deleted.; ; Aiimi Insight Engine services that will be uninstalled:; Source Agent.; Enrichment Agent. ; Security Agent.; Content Agent.; ; Applications that will be made inaccessible:; AIE.; Kibana.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The web interface is fully responsive to the client form factor.
• Service interface: No
• User support accessibility: WCAG 2.1 A
• API: Yes
• What users can and can't do using the API: The service provides two APIs, the Search API which can be used to build applications (e.g. Low Code) applications that interface with the service, and the Data Science API (a licensed module) that allows full access to the service for analytics and reporting purposes.
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: The branding, colour scheme, data sources and data enrichment processes can all be customised. This customisation is carried out by Aiimi's DevOps engineers.

Scaling

• Independence of resources: The application is scaled according to data volume and user load. Discovery loading is multi-threaded and can be scaled up and down to avoid impact on other services and users. Customers are segregated at Hypervisor level and allocated dedicated resources appropriate to their expected usage.

Analytics

• Service usage metrics: Yes
• Metrics types: The application provides an interface for service analytics which provides the following metrics:; - Page popularity; - Volume of users by month and by function; - Volume of searches; - Search performance; - User feedback; - Usage by department; - Search term usage
• Reporting types: Real-time dashboards

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: Data can be exported in JSON format on request to our DevOps engineers by raising a ticket through the support desk.; ; Data can be exported by end users by adding records to a collection and then using the Export functionality within the UI to create a CSV extract,
• Data export formats:
  • CSV
  • Other
• Other data export formats: JSON
• Data import formats:
  • CSV
  • Other
• Other data import formats: JSON

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: If hosted in Azure, Google or Amazon datacentres, we provide a 99.99% uptime SLA for the application (agreed maintenance windows excepted). The solutions ability to crawl new source data or to be accessible from the customer network is covered to the perimeter of the Aiimi provided facility, e.g. we do not provide an SLA for customer network connections. Customers receive support service credits when SLAs are not met.
• Approach to resilience: Insight Engine can be provisioned in Azure, AWS and GCP environments as well as on-premises, each with similar approaches to resilience. An Aiimi implementation will include our best practice resilience measures, including taking advantage of geographical and in-datacentre resilience features provided by the datacentre. Examples include ensuring that multiple machines are used to support the service, each patched and maintained at different times and with independent power, cooling and network connections. The service itself makes use of stateless connections, load balanced web application servers and sharded indexes. Background activities such as source system crawls and metadata enrichment processes can run on any available server, providing resilience for back-end services. The resilience approach appropriate to your chosen infrastructure provided will be discussed prior to implementation.
• Outage reporting: We routinely monitor the health of our elasticsearch cluster through Kibana Monitoring to ensure that the cluster is in a healthy state and performing as expected. Aiimi will also monitor dashboarding offered by cloud providers e.g. Google Stackdriver Monitoring or Azure Monitor. These dashboards allow us to track the performance of our hardware and software in real time. E-mail alerts are also setup to notify Administrators, should any metrics exceed pre defined thresholds.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: Aiimi Insight Engine uses domain independent authorisation for management and support interface access. These logons only allow access to the management interfaces and full audit is recorded for all management actions.; ; A starters movers, leavers process is used to control and audit who is authorised to access systems and this is provided on a 'need to know' basis rather than access being granted to all support and service staff to all systems.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: British Assessment Bureau
• ISO/IEC 27001 accreditation date: 22/11/2022
• What the ISO/IEC 27001 doesn’t cover: Installations on customer environments
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: Our security practices are accredited to Cyber Essentials Plus and aligned to the ISO27001 annex A controls. Aiimi is currently undergoing ISO27001 certification.
• Information security policies and processes: Aiimi has an Information Governance Committee which is responsible for generating and reviewing data security and policies. The policies are then reviewed by the board and distributed to staff by the HR team. Information governance and data protection clauses are also included in staff contracts and updated with employee data privacy notices on a regular basis in-line with changes in the security policy.; ; Our policies are in-line with ISO27001 and communicated to staff in a number of ways:; - Monthly all staff briefings for the latest information security concerns; - Regular automated information security tests; - Electronic information security training with assessments. This is focussed on the staff role; - Ad-hoc staff updates related to current concerns; ; Aiimi has an annually reviewed risk management framework that is agreed with the board, which guides the activities of the information governance committee who implement policy changes to cater for current risks. The IGC meet as a committee once a quarter, or on demand if required.; ; Incident management is handled by our service desk and a formal procedure governs how incidents are handled.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Instances of Insight Engine hosted by Aiimi will be commissioned on Azure infrastructure in a customer resource group and the change management approach for that instance will be agreed with the customer. Based upon a template that defines the annual maintenance windows, KPIs, SLAs, RPO and RTO for the instance, change management activities will be governed by those requirements. Application releases and code components are managed in GitHub and all releases are penetration tested in-house on QA environments and again when released to a customer environment.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Aiimi deploys two key mechanism for assessing threats to the application. First is a peer code review by developers trained in secure software development. Training is provided by KnowBe4. The second is through the use of AppCheck to perform vulnerability scans on internal deployments of InsightMaker. These are performed monthly and the output reports are fed into the development backlog.; Patches to security issues are immediately prioritised for development and can be released outside the standard release cycle. High risk security patches are applied by our DevOps team within two days of being issued, or according to customer schedule.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Protective monitoring is only commissioned by Aiimi where we host the application on our customer's behalf in Microsoft Azure datacentres. We use Microsoft Antimalware for Azure Cloud Services and Virtual Machines to identify compromises. Aiimi responds within 30 minutes to an alert, whether that is a potential compromise or an incident.
• Incident management type: Supplier-defined controls
• Incident management approach: The Aiimi Service Desk processes are determined by the Incident Management tool in use and based on the ITIL V3 framework. Incidents are logged, classified, categorized, prioritized, assigned for investigation and investigated until resolved. Customers log incidents via a dedicated email address, a dedicated landline phone number or an on-line portal.; Routine events are handled through scheduled maintenance windows. Recurring issues are logged as Problem tickets for root cause analysis.; Periodic reports are generated using the Incident Management tool and used by customers and internal teams for trend analysis, performance review and continual service improvement.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  As each new call-off is created through this framework, we’ll create bespoke fighting climate change objectives which will be outlined in a method statement. Each objective will be given a KPI to help monitor and report back to the buyer on how we’ve achieved that objective. We’ll create a timed action plan to track and manage our progress in achieving those objectives. ; A dedicated Social Value Manager will be assigned to every project, they’ll invite each buyer to our purpose built Hack Zone to input, co-design and sign-off the objectives.; Aiimi is also achieving ambitious growth, but we’re dedicated to reducing business CO2 intensity (per head/unit revenue) with compelling offset strategies. One such strategy includes the planting of trees with the Woodland Trust to offset CO2. If buyers engage our services they’ll help fund further planting. ; In 2022, we ran a company-wide hackathon to explore how we could use our own software, the Aiimi Insight Engine (AIE), to support our carbon management and reduce our greenhouse gas emissions. We’d be happy to collaborate with buyers on this framework and explore how it could help support specific deliverables within individual projects.; Aiimi staff working on any projects arising from this framework will be encouraged to donate a proportion of their five volunteering days to fighting climate change. We’ll also explore moving from using solar panels to power our communal areas into exploring how we can power the entire office.; Aiimi will commit to fighting climate change at a local level. We’ll hold a sustainability hackathon (one per project) in our purpose built Hack Zone. We’ll bring together local environmental groups, customers and stakeholders to tackle an existing local environmental issue, and evidence to the buyer how selecting Aiimi has led to fighting climate change at a local level.

  Covid-19 recovery

  As each new call-off is created through this framework, we’ll create bespoke Covid-19 recovery objectives which will be outlined in a method statement. Each objective will be given a KPI to help monitor and report back to the buyer on how we’ve achieved that objective. We’ll create a timed action plan to track and manage our progress in achieving those objectives. ; A dedicated Social Value Manager will be assigned to every project, they’ll invite each buyer to our purpose built Hack Zone to input, co-design and sign-off the objectives that will support local communities in Milton Keynes (MK); When buyers engage our services they’ll also help fund an Entrepreneurship Incubator. MK is a hub for attracting tech companies/start-ups, so we’ll create an incubator were MK residents wanting to create a start-up or those wanting to explore an idea can receive support. In our Hack Zone they’ll learn from experts. The incubator will fire up the entrepreneurship ambitions of those impacted by the pandemic. Buyers that select Aiimi will also fund mentors that will help ideas to grow. ; Our charity partnership with the YMCA has shown Aiimi that those who were already disadvantaged had those disadvantages magnified by the pandemic. If buyers engage our services they’ll help us fund further support. For example, we’ll offer opportunities for work experience and internships within Aiimi. This will empower participants to move from a position of disadvantage to moving a step closer to employment.; The pandemic led to job losses. The tech sector is still a growing and vibrant sector, so for each contract we secure on this framework we’ll fund an IT course/qualification. We’ll distribute this support through our local community networks who will know who was most impacted by the pandemic and how those qualifications will create post-pandemic change in people's lives.

  Tackling economic inequality

  As each new call-off is created through this framework, we’ll create bespoke tackling economic inequality objectives which will be outlined in a method statement. Each objective will be given a KPI to help monitor and report back to the buyer on how we’ve achieved that objective. We’ll create a timed action plan to track and manage our progress in achieving those objectives. ; A dedicated Social Value Manager will be assigned to every project, they’ll invite each buyer to our purpose built Hack Zone to input, co-design and sign-off the objectives that will support people in Milton Keynes (MK); When buyers engage our services, they’ll help us expand our Early Careers Programme. Aiimi will provide work experience opportunities in IT, with a focus on schools from lower socioeconomic areas (high utilisation of free school meals etc) so we can inspire young people to choose careers in tech. ; Aiimi will call upon our charity partnership with the YMCA, and local schools and colleges to identify young people with an interest in working in the IT sector. Then we’ll work with those partners to support those young people to apply for one of three routes within Aiimi: apprenticeships, traineeships or T-Level industry placements.; All Aiimi staff working on any projects arising from this framework will be encouraged to donate a proportion of their five volunteering days to tackling economic inequality. From mentoring a young person who is interested in a IT career to delivering a presentation to schoolchildren from a disadvantaged area.; Aiimi will also deliver a series of inspirational careers workshops covering topics such as coding. Our staff will deliver the workshops and share their inspiring stories. We’ll link in with local careers services and other local tech companies so that the young people that attend can also access other opportunities.

  Equal opportunity

  As each new call-off is created through this framework, we’ll create bespoke equal opportunity objectives which will be outlined in a method statement. Each objective will be given a KPI to help monitor and report back to the buyer on how we’ve achieved that objective. We’ll create a timed action plan to track and manage our progress in achieving those objectives. ; A dedicated Social Value Manager will be assigned to every project, they’ll invite each buyer to our purpose built Hack Zone to input, co-design and sign-off the objectives that will support the creation of equal opportunity. ; When selecting Aiimi buyers will help Aiimi sustain inclusive recruitment practices. Such as job advertisements that avoid stereotyping or help colleagues to continue to share their positive experiences, such as Paul: “I didn’t know at the time, but now realise how authentic Aiimi is. Their awareness of autism enabled them to be more objective during the selection process.; When buyers engage our services, they’ll help us expand our Early Careers Programme. Aiimi will provide work experience opportunities in IT, with a focus on pupils who identify as having a disability. We know that a workplace can be intimidating but we’ll ensure that whether that person is neuro-diverse or has physical needs they’ll find a supportive environment at Aiimi. ; We’ll also commit to providing T Level industry placements and higher level apprenticeships, as well as adjust the recruitment process to support neuro diverse or disabled candidates. ; Any contracts secured on this framework will help fund a Hack. The Hack will examine an issue within Aiimi that may be impacting our ability to ‘reduce the disability employment gap’ and we’ll bring in experts and local groups to create a solution that we’ll implement within the lifetime of this framework.

  Wellbeing

  As each new call-off is created through this framework, we’ll create bespoke wellbeing objectives which will be outlined in a method statement. Each objective will be given a KPI to help monitor and report back to the buyer on how we’ve achieved that objective. We’ll create a timed action plan to track and manage our progress in achieving those objectives. ; A dedicated Social Value Manager will be assigned to every project, they’ll invite each buyer to our purpose built Hack Zone to input, co-design and sign-off the objectives that will support local communities in Milton Keynes (MK); To ensure the health and wellbeing of all Aiimi staff working on projects that arise from this framework, we’ll appoint a Mental Health First aider. They’ll provide support and signpost someone experiencing poor mental health so they can get the help they need.; When buyers engage our services, they’ll help sustain and develop the Aiimi Wellbeing allowance. This is essentially £500 per member of staff to spend on activities and experiences that will improve their health and wellbeing. ; We’ll be able to continue to support and host The Man Cave which is a mental health support group that provides a non-judgmental space for men in Milton Keynes to meet and talk about the mental health issues they are experiencing. ; Our charity partnership with the YMCA (Milton Keynes) can also be sustained and expanded to support those experiencing poor health and well-being. From supporting one off events to offering work placements to improve their well-being. ; All Aiimi staff working on projects arising from this framework will be encouraged to donate a proportion of their five volunteering days to improving the well-being of the local community. From mentoring a young person facing difficulties to assisting a mental health support group to expand their IT capabilities.

Pricing

• Price: £33,000 to £33,000 a unit a year
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: For complex requirements we will run a 6 step proof of technology, usually over a 3 week period. This includes design sprint, user journey mapping, configuration and proof of technology.

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at meustace@aiimi.com. Tell them what format you need. It will help if you say what assistive technology you use.