Naimuri

AI Assurance

Providing 3rd-party AI TEVV (Test, Evaluation, Verification & Validation) for Government customers & their vendors. Allowing risk-quantification of AI solutions prior to deployment, & development of best practices for automation & democratisation of MLOps. We provide expertise across a range of sub-disciplines e.g. computer vision, language models & uncertainty quantification.

Features

• AI & ML expert model assurance for high-risk deployment
• Dataset curation, augmentation & synthesis for stress-testing AI/ML Models
• End-to-end MLOPs for Cloud & Edge AI Assurance
• Research and guidance on best practice for AI Assurance
• Red-teaming AI systems to identify poisoning or adversarial attack vulnerabilities
• Explainability, uncertainty, interpretability and traceability studies of AI systems
• AI assurance Lifecycle Governance & risk assessment consultancy
• Visualisation & democratisation of AI assurance process
• Legacy & deployed model monitoring and A/B Canary Testing
• 3rd-Party AI/ML Assurance for forecasting, computer vision, LLMs & OCR

Benefits

• Route to productionisation of risk-assessed innovative AI solutions
• Measuring AI performance in OOD and constrained scenarios
• Widening organisational engagement in AI development and deployment processes
• Understanding and evaluating new threat vectors for AI systems
• Increased efficiency through automating the assurance process
• Robust analysis of benefits and limitations of AI systems
• Creating AI assurance roles around innovative tools & refined UX
• Systems reliant on secure data deployed in secure environments
• Transparent and traceable AI Governance and AI Assurance Governance

£302.10 to £1,396.02 a user a day

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at business@naimuri.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

523901808384846

Contact

Rob Steadman
07393631316
business@naimuri.com

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Hybrid cloud
• Service constraints: No constraints
• System requirements: NA

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Monday - Friday; 0900 - 1700 - response times can be agreed upon request
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Our approach to providing support is based on the needs of the customer. We use the SRE (Site Reliability Engineering) Approach to maximise our support and development activities. Beyond this, we will aim to deliver a support service that fits the needs of the customer - This can include in person, telephone, email or web support.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We provide both onsite, online or in application training to suit the users needs. Delivered in an agile and iterative method.
• Service documentation: No
• End-of-contract data extraction: Contract dependant
• End-of-contract process: Time and Materials Contract

Using the service

• Web browser interface: No
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: No
• User support accessibility: None or don’t know
• API: No
• Customisation available: Yes
• Description of customisation: Agile project teams means that we can work to customer budgets, time constraints and provide Suitably Qualified & Experienced Persons (SQEP)

Scaling

• Independence of resources: This is a software delivery service - the users will have a Time and Materials contract guaranteeing access to our service 'the people'

Analytics

• Service usage metrics: No

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Other
• Other data at rest protection approach: Bespoke services for our customers can be developed that will address customer's key challenges
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Contract dependent - we can develop bespoke services to suit the customer
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • JSON
  • Parquet
  • XML
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • Parquet
  • XML
  • JSON

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: Contract dependant
• Approach to resilience: Contract dependant
• Outage reporting: Contract dependant

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
  • Other
• Other user authentication: Single Sign on
• Access restrictions in management interfaces and support channels: Contract dependant
• Access restriction testing frequency: At least once a year
• Management access authentication: Other
• Description of management access authentication: Contract dependent - we support the following: * 2-factor authentication * Public key authentication (including by TLS client certificate) * Identity federation with existing provider (for example Google apps) * Limited access over government network (for example PSN) * Dedicated link (for example VPN or bonded fibre) * Username or password * Other

Audit information for users

• Access to user activity audit information: You control when users can access audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: You control when users can access audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Citation ISO Certification Limited
• ISO/IEC 27001 accreditation date: 10/06/2023
• What the ISO/IEC 27001 doesn’t cover: Solutions and or technologies not owned by Naimuri. When staff utilise IT systems belonging to clients, partners, or associates, their actions and the information related to both the staff and Naimuri still apply. They must still follow Naimuri’s baseline security standards, even though the IT assets themselves are not directly owned or managed by Naimuri but by another entity.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Contract dependent and; ; SPF (Security Protective Framework),; HMG Information Assurance Standards (IS1, etc.); ,OWASP; ,10 Steps to Cybersecurity; ,EUD Security Principles; ,Cloud Security Principles; , Different types of accreditation/certification, i.e. ISO27001, Cyber Essentials, etc

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Contract dependent to meet customer requirements
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Contract dependent to meet customer requirements, including Cyber Essentials & ISO27001, IT Health Checks supported by various threat intelligence reports.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Contract dependent - platform specific requirements and tools for the management approach.
• Incident management type: Supplier-defined controls
• Incident management approach: Contract dependent, both customer defined and Naimuri incident management processes followed

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Naimuri has an Environmental Impact Power Group responsible for coordinating the firm wide approach to sustainability and environmental impact.; Key approaches include:; Set up recording and monitoring of our Scope 1, 2 and 3 carbon emissions.; Created a carbon reduction plan - committed to achieving Net Zero emissions by 2050 or sooner.; We are establishing carbon literacy workshops for colleagues and partners to improve understanding and encourage more sustainable operations and behaviours.; Engaging with other customers and suppliers to look into more sustainable upstream and downstream results.

  Equal opportunity

  At Naimuri we actively promote a diverse and inclusive environment. We have partnerships with Manchester Digital (promoting women in IT), Coding Black Females, NorthCoders (An IT Bootcamp for people who are cross training or reskilling), and other initiatives.; ; We actively seek to recruit people from various backgrounds to build diversity in our teams, making sure we don’t just recruit degree qualified individuals. Each year we take on Apprenticeships, Graduates and early careers (people swapping careers or returning to work), and invest in their growth and progression thorough our early careers progression framework.; ; Our approach to recruitment is centred on our values and culture. We provide benefits to promote flexible working patterns including part time working, which allows many people who have found this a barrier to entering tech roles, the opportunity to join us and pursue their career. Our culture promotes a flat delivery structure on projects, giving everyone an equal voice in how the team operates and delivers.

  Wellbeing

  We encourage, invest and enable our people to develop what’s important to them, resulting in company initiatives (we call them Power Groups). These promote people's wellbeing and improve our environmental impact. This in turn has led to people becoming training mental health first aiders or skilled to perform environment audits.; The Naimuri Mental Health Wellbeing Group has established multiple measures, including investment in time and funding, to support MH & Wellbeing. Regular wellbeing support and activities are established as BAU. There are regular monthly updates to firm wide briefings to maintain a strong leadership approach for values and messaging relating to MH & Wellbeing and the enablers required to support this (e.g., appropriate resourcing of projects).

Pricing

• Price: £302.10 to £1,396.02 a user a day
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at business@naimuri.com. Tell them what format you need. It will help if you say what assistive technology you use.