Synalogik Innovative Solution

The Scout® Platform for Global Commercial Data, Supply Chain and Supplier Verification

Meet Scout® by Synalogik, a one-of-a-kind, auditable and evidential data aggregation platform for discovering hidden risks and providing searches across third-party, internal, and open-source data sets. Scout® automates enquiries individually or bulk upload. Real-time interrogation of multiple investigations with automated risk analysis for identification of fraud or other criminal activity.

Features

• Single access to multiple open source (OSINT) data feeds
• UK and Global Commercial, CRA data, Government data, Police data
• Single Intelligence Database with open source data built in
• Upload of users own data to clash against Scout data
• Combine open source with risk assessment and search terms
• Optional capability to automatically identify links between seemingly disassociated enquiries
• Search for People, Companies, Addresses, Phone Numbers, Email Addresses, VRNs
• Robot Process Automation, Scalable, Compliant, Multiple language searching, Bulk upload
• Automatically collates reports, tables and node-view into bespoke reports
• Create bespoke configurations as templated workflows, faster and accurate searching

Benefits

• Hours of manual research conducted delivered in minutes, 85% efficiency
• Automates the manual process of collating relevant information
• Highly intuitive and easily accessible platform interface
• Evidential and provides increased operational efficiency, fully auditable
• Reduced investigation costs, time, collation, Evergreen platform, UK held data
• Greater accuracy, Automated aggregation and auditing resolves human errors
• Supercharged operational efficiency, single intelligence environment that maximises efficiencies
• Create templated searches with fixed risk assessments, used bulk/individually;
• Secure, multi factor authentication, cloud based GDPR compliant, encrypted
• Fuzzy logic and pattern matching to assist entity-resolution

£499 to £2,145 a unit

• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at public.sector@synalogik.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

531138232775728

Contact

Julie Hewitt, Head of Government Sales
+44 7949222013
public.sector@synalogik.com

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
• Service constraints: None
• System requirements:
  • Cloud based, have cloud licences or willing to purchase them
  • Platform will require firewall access configuration within organisational security policies.
  • Accessed via secure, pre-authorised, URL at fixed IP addresses
  • Third party data access via existing contract or via Synalogik
  • Access via standard web browser
  • Harnessing core technologies (microservices architecture, Apache Kafka, ArangoDB) for integrations

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Dependant on the Priority of the Service Level Agreements; Priority 1 - Phone - 1 working hour response time, 24hr resolution time, updates every 2 working hours; Priority 3- Phone /Email- 4 working hours response time, 3 working days resolution time, updates every 8 working hours; Priority 4 - Phone /Email- 48 working hours response time, 5 working days resolution time, updates daily.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Synalogik inclusive support levels include email and on-line ticketing and services. Responses during working timelines; UK Mon-Friday 9-5. Prioritisation ticketing available. Account managers and cloud support engineers provided. Ongoing Support Incident Management During transition Synalogik provide Early Life Support: Controlled handover of the platform to Service Operation (BAU). This includes operational support and knowledge transfer. After platform integration Synalogik provide centralised incident management service providing single point-of-contact with triage responsibility.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: For customers who wish to use our standard AWS cloud, onboarding with Scout® is a straightforward process, led by our Operations Team. However, in the circumstance where a customer wishes to be deployed in an alternative environment e.g. private cloud, an element of professional services is required to facilitate that delivery.; In our experience, the deployment of Scout® into a new environment requires enterprise-wide collaboration between stakeholders and business functions such as Service Owners, Design Boards, Accreditors and DevOps teams. Synalogik Professional Services offer end-to-end services to assist with all necessary steps to support the related integration activities within our programme management delivery, using either waterfall (PRINCE2), agile (Kanban) or blended project delivery styles as preferred.; For new user accounts for Scout® Synalogik offer, per account:; ; User Guides; ; *Online self-help portal (populated with electronic user instructions); ; *Business Hours Helpdesk; ; *Computer-Based Explainer Videos and other support as follows:; ; *90-minute basic user session giving an introduction to the functions and capability within the Scout® platform.; ; *30-minute extension to the 90-minute basic user session for super-users to deal with managing users' permissions.; ; *Videos in the self-help portal; ; *Monthly user clinics hosted online on various Scout® pieces of functionality
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Scout contains functionality for Client to export all Search Results from Scout at any time. All Search Results in Scout will be automatically deleted 90 days after the end of the Subscription Term for Scout or the MSA. If requested by Client, Synalogik shall (at Client’s cost) provide reasonable assistance for up to 30 days following the end of a Subscription Term for Scout or the MSA to enable Client to export Client Searches from; Scout.
• End-of-contract process: Either Party may terminate the MSA for convenience by giving 90 days’ notice to the other Party at any time after the Initial Term. Scout contains functionality for Client to export all Search Results from Scout at any time. All Search Results in Scout will be automatically deleted 90 days after the end of the Subscription Term for Scout or the MSA. If requested by Client, Synalogik shall (at Client’s cost) provide reasonable assistance for up to 30 days following the end of a Subscription Term for Scout or the MSA to enable Client to export Client Searches from Scout.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The is no difference other than the formatted layout
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: We create a bespoke URL for access for all clients. each client environment has access to their own zen desk for all their support needs
• Accessibility standards: None or don’t know
• Description of accessibility: We are still in the testing stages of accessibility - at present we don't believe there are any restrictions on what users can and can't do.
• Accessibility testing: We haven't yet started testing with users of assistive technology.
• API: Yes
• What users can and can't do using the API: Synalogik have an inbound and outbound API facility available for our platforms, meaning that clients can integrate with the Scout® platform and retrieve results from our data aggregation, risk scoring and visualisation tools direct from their user interfaces.; ; Users can initiate workflows, aggregate multiple data source results and cleanse potentially relevant “results” using our picklist list through our Inbound API.; ; Users can run searches, create picklists, set templated workflows, automate Open source enquiries and receive risk scored results through the outbound API.; ; The Scout Public API is provided as a stateless RESTful API. Our API has relevant URL endpoints, accepts specific-format JSON request bodies, returns JSON-encoded responses, and uses standard HTTP status codes.; ; The purpose of this API is to allow user organisations to remotely manage their interaction with the Synalogik Scout service. ; ; Full documentation is available for both APIs, upon request.
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Customisation includes the data sources, functionality, open-source templates and templated workflows. Superusers have the ability to select the data sources, functionality, open-source templates and the ability to create templated workflows. Standard users do not have these functions available.

Scaling

• Independence of resources: The Synalogik cloud based autoscaling technologies ensure we can cope with the demands on the service from multiple users/accounts on the service.

Analytics

• Service usage metrics: Yes
• Metrics types: Management Information reports are available showing usage of Scout®, enabling managers to identify any non-usage and respond accordingly. The reports can also help to identify training, tradecraft gaps and weaknesses, which can then be addressed – all of which are delivered by Synalogik as part of our commitment to best-in-class investigations and customer support.; ; Reporting consists of a monthly emailed “MI” report setting out the required information. Instantiation deployment to Official Sensitive or above, Synalogik cannot access to this information and as such MI reporting is not available, however, it can be retrieved by internal users directly from the system.
• Reporting types: Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest: Physical access control, complying with CSA CCM v3.0
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Scout® reports can be exported into pdf, excel, word or an outbound API (JSON format) into their CRM system.
• Data export formats: CSV
• Data import formats:
  • CSV
  • Other
• Other data import formats: JSON

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: Synalogik shall endeavour to make Scout available to Client Users 24/7 and monitor for any issues. All Data Feeds are subject to Data Supplier SLAs. Synalogik shall agree and meet the Scout SLA and the Technical SLA in the Service Level Schedule to the Order Form. If Synalogik fails to meet the Service Levels in the Service Level Schedule, Synalogik shall: (a) take those actions reasonably necessary to correct the problem and begin meeting the Service Levels as soon as reasonably practicable; (b) initiate investigations to identify the root causes of such failure; and (c) where; appropriate, make written recommendations to Client, including the actions proposed by Synalogik and to be carried out by Client, for improvement in procedures to satisfy the Service Levels and prevent any recurrence of such failure; (d) adopt a ‘work the problem’ approach; to seek to correct and minimise recurrences of all Service Level failures for which it is responsible. Synalogik shall deliver to Client, within 15 Business Days after the end of each Calendar Month, a report setting out performance against the Scout SLA and the Technical Support SLA.
• Approach to resilience: Available upon request
• Outage reporting: The Scout® service will automatically send an alarm internally to alert Synalogik of an outage - once received, an email alert is sent to all clients. In the event this doesn't happen, Synalogik provides a centralised incident management service for Scout® / DataHunter and all supported data interfaces. This provides our customers with a single point of contact for DataHunter and places the responsibility to triage incidents on the relevant data interface supplier with Synalogik. ; ; Synalogik will manage all incident resolutions between 2nd Line and 3rd Line via separate, agreed ways of working with our data interface suppliers.; ; Synalogik defines incidents as either ‘Standard’ or ‘Outage.’ The initial response time is calculated from when the incident is reported to Synalogik to when an initial response has been communicated from Synalogik Support. The resolution is the time agreed for Synalogik to find a resolution to the incident or request - initial business response within 1hr and resolution of the outage within 1 hour

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
  • Other
• Other user authentication: IP /VPN Pre-registration
• Access restrictions in management interfaces and support channels: User and system access is provided at four levels:; ADMIN - Access to the Synalogik Administration and Helpdesk, Ability to reset passwords, unlock accounts and disable user access; SUPERUSER - Investigator functionality with admin functionality, Ability for investigators to also reset passwords and unlock accounts; GENERAL USER - Investor/Analyst, Ability to use full functionality of the Scout® platform; AUDIT - Professional standards/Compliance, Ability to view user activity
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
  • Other
• Description of management access authentication: IP/VPN Pre- registration.

Audit information for users

• Access to user activity audit information: Users receive audit information on a regular basis
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: QMS International
• ISO/IEC 27001 accreditation date: 22/03/2020
• What the ISO/IEC 27001 doesn’t cover: Only minor items identified in the SDS - Statement of Applicability v1.3 Everything else in the company remains covered.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Our Chief Commercial Officer is the Company’s Compliance Officer and DPO. We have an Information Security Manager, reporting to the CEO who is fully dedicated to the roles of Risk Management, Business Continuity and Information Security Management. Mandatory Training is in place for all staff and a disciplinary policy should it not be followed.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Synalogik have a change management policy which is underpinned by processes and procedures based on ITIL best practice. This is a mature process. We use a service management tool that integrates change management, incident management, problem management, configuration management and knowledge management. Our change management policy, processes, and procedures are regularly audited. Formal risk analysis is employed using an approved information risk analysis phase for developments/changes. Security requirements for the system are identified and continue to be considered throughout the life of the product.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Annual penetration testing regime. Automated scanning for vulnerable software using AWS Patch Manager on EC2 instances and all Apple Mac endpoint devices are Mobile Device managed to push the latest security and macOS patches to the devices without delay. We hold NCSC security accredited ‘Cyber Essentials Plus’ via IASME. We undergo a full annual technical audit of all our systems and endpoints, by an external IASME qualified assessor who examines technical security controls, testing that they exclusively work through a technical audit including internal and external vulnerability scans. Cyber Essentials Plus certification includes automatic addition to their cyber liability insurance.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: We utilise AWS Guard Duty with AWS Security Hub which scans all our access logs and immediately alerts to our Slack instance if it identifies anything suspicious. We then intervene to take the necessary action as required. We also receive National Cyber Security Centre (NCSC) Weekly Threat Reports and act to incorporate any mitigations to threats & vulnerabilities identified that are relevant to our IT estate.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Synalogik provides a centralised incident management service for Scout® / DataHunter and all supported data interfaces. This provides our customers with a single point of contact for DataHunter and places the responsibility to triage incidents on the relevant data interface supplier with Synalogik. ; ; Users can report incidents directly via Zendesk (built into Scout®). Incident reports are provided by email once the full Root Cause Analysis has been undertaken.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  Recruited 1.5FTE to decrease cloud costs for running our platforms, as commitment to our Carbon Reduction plan. We have introduced remote working for all staff to reduce the environmental footprint and committed to not expand the office size, training is provided to all staff on their responsibilities to this.
• Covid-19 recovery:

  Covid-19 recovery

  Awarded a grant from UK/R for £15k for external resource, which was used to pay for legal resources, enabling it to be taken to market quicker. The funds allowed us to employ 15 staff to integrate the data sources in the Data Hub.; ; Investment of £3m allowed us to employ a further 30 staff across compliance, data security and IT to integrate data sources in our product. The founders did not take any money and decreased their shares to feed back into the company to support expansion and growth, including training of staff.; ; Synalogik are committed to take summer internships for university or college leavers or those taking holidays from their studies.; ; Synalogik are also in the process of writing digital intelligence and investigation skills courses with a view to having them available for City & Guilds Accreditation. Our staff will benefit from these for free, as a benefit of their employment with the business.; ; Futhermore, the investment saw us grow from 20 to 60 staff from Feb 2020 to April 2022, with plans to recruit a further 6 staff in 2022.
• Tackling economic inequality:

  Tackling economic inequality

  A founder is still in chambers as a Barrister and has 50 days per year in the criminal justice system. This includes work experience for those in training to become a legal professional.; ; The Chief Operating Office is undertaking a PhD in Risk Management, which is funded by Synalogik to support his personal development. We will provide this opportunity to one staff member as we grow each year.; ; We fund training course for staff development including data protection and compliance to develop specialist skills, and have a sales course planned for the sales teams in year.; ; Udemy Business is provided to all staff to develop both professional and personally with courses they can choose. We provide 2 hours per week to dedicate training time for this.; ; We are looking to support charities that provide clothing for interviews, by donations from our staffs own clothing.; ; We have committed to supply chain resilience by creating our Supplier Diversity Policy which is available on our website.
• Equal opportunity:

  Equal opportunity

  Signed the Disability Confident scheme, level 1 and Signing the Armed Forces covenant later in 2022 to support work opportunities. Policy for diverse staff/inclusion is underway. Remote working allows staff with disabilities, caring responsibilities or other commitments to achieve a better work/life balance and remove obstacles for employment.
• Wellbeing:

  Wellbeing

  Provide private healthcare and minor life insurance for dependants as staff benefit to support their wellbeing and families wellbeing. Dogs in the office days to boost morale and wellbeing. Flexible working hours are standard for all staff. Support staff in training opportunities with local sports and sponsorship. Charity committee being set up to support charity provisions, including volunteer days for staff to listen to children read and support foodbanks, provide workwear for interviews for unemployed persons, and raise money for charities as voted for by staff, all improving community cohesion.

Pricing

• Price: £499 to £2,145 a unit
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: Synalogik offer new customers a complimentary 20-day trial of the core Scout® platform (for up to 5 Users) to demonstrate functionality and operational value. In advance of any trial, appropriate contracts for Data Protection purposes need to be agreed and signed.

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at public.sector@synalogik.com. Tell them what format you need. It will help if you say what assistive technology you use.