ABC is an Artificial Intelligence platform providing real-time monitoring and management of a vast number of information sources (streams), detection of irregularities, detection of fraud or theft, flagging of risks, and enforcement of the chain of command & approval processes.


  • Connection to corporate databases
  • Real-time monitoring of multiple data sources
  • Pattern detection in data over time
  • Real-time detection of irregularities
  • Custom dashboards showing data flow and irregularities
  • Alerts sent up the chain of command
  • Approvals sent down the chain of command


  • Real-time detection of potential fraud, theft and other irregularities
  • Learns automatically from real data flow in the business
  • Upholds the chain of command for reporting and approval
  • Automatic actions upon detected irregularities if ignored by humans
  • Automatic validation and enforcement of data consistency


£400,000.00 to £3,000,000.00 a licence a year

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 13

Service ID

5 4 3 1 0 1 7 0 1 9 6 5 5 0 2


Telephone: 07887242222

Service scope

Software add-on or extension
Cloud deployment model
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
Service constraints
System requirements
  • Capacity depends on the size of the company
  • Maintenance Plan requires access to Hardware for On-Site Installations

User support

Email or online ticketing support
Email or online ticketing
Support response times
Level 1 support operates 9-5 Monday through to Friday excluding national holidays, response SLA of 1 hour. Level 2 support operates 24x7, response SLA of 1 hour.
User can manage status and priority of support tickets
Online ticketing support accessibility
WCAG 2.1 A
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Web chat
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
WCAG 2.1 A
Web chat accessibility testing
We are using the tools from third party vendors that guarantee conformance to at least WCAG 2.1 A level
Onsite support
Support levels
Level 1: 9-5 Monday to Friday excluding holidays 2nd level technical support.

Level 2: 24x7 2nd level technical support.

Level 3: 9-5 Monday to Friday excluding holidays end-user technical support.

Level 4: 24x7 end-user technical support. Pricing depends on the number of seats purchased.
Support available to third parties

Onboarding and offboarding

Getting started
• Kickoff. This step is represented by a series of meetings with the goal of identifying and detailing the customer’s pains to be solved by implementing our solution.
• Integration Points. In this step, we collect the following information: initial list of end users, databases to be integrated with, document storage locations to be integrated with, email system in place, messaging system in place, etc.
• Planning. Here, we meet with the customer to discuss their priorities, and to develop a joint implementation and rollout schedule.
• Initial Download. In this step, we configure access to the customer’s data sources and start the process of fine-tuning of the deployment.
• Training. We provide training to the users, in one or several sessions. Separate training programs are available for the end users and for the customer’s IT department. Full documentation and training videos are provided as well.
• Soft Launch. We launch our solution to a limited number of select users and verify that the system works to their satisfaction. This step includes us making any necessary fine-tuning of the system.
• Full Launch. We make our solution available to the user base. Our tech support is available to answer questions.
Service documentation
Documentation formats
  • HTML
  • PDF
  • Other
Other documentation formats
End-of-contract data extraction
Individual users have an option of (a) downloading or (b) erasing their data. The organization may control if such options are offered and to whom, vs reassigning the data the the user's immediate manager. At the end of the entire contract, the organization has an option of downloading the data, or having it erased.
End-of-contract process
There are no hidden/additional costs upon expiration of the contract, unless there is a custom contractual agreement states otherwise, or unless the there are past due payments. The cost of exporting the data with subsequent deletion of the data, if requested by the customer, is included into the price.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
Mobile version uses a different user interface, optimized specifically for mobile screen sizes and for a potentially lower transmission bandwidth
Service interface
User support accessibility
WCAG 2.1 A
Description of service interface
The user interface for the service is used in two ways: for fine-tuning configuration of the service, and for displaying alerts and dashboards. Configuration interface is web-based and is optimized for desktop. Alerts and dashboards are available web-based on both desktop and mobile, and also in a form of optional applications for iOS and Android, plus supports notifications via text and email.
Accessibility standards
WCAG 2.1 A
Accessibility testing
We are using the tools from third party vendors that guarantee conformance to at least WCAG 2.1 A level
What users can and can't do using the API
All functionality of the application that is available via the user interface, and all data feeds, are available in the form of an RESTful API. The main purpose of the API is to allow system integrators to build custom solutions around our platform. Mainstream installations do nor require any API access
API documentation
API documentation formats
  • Open API (also known as Swagger)
  • PDF
  • Other
API sandbox or test environment
Customisation available
Description of customisation
Customization is available to the users with special admin privileges. Customization includes integrations with the document and communication systems in place, branding of the UI, security setup including users and roles, and custom dashboards.


Independence of resources
On-premise installations are physically segregated; installations to the customer's cloud account are segregated by the respective cloud provider; cloud SaaS installations are segregated logically (different databases, different computational nodes).


Service usage metrics
Metrics types
Activity across all data sources, monitoring track-able activities, alerts and their history and frequency, capacity utilization, system health status
Reporting types
  • API access
  • Real-time dashboards
  • Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least every 6 months
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
Data sanitisation process
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
The exportable data is divided into two categories: the user-supplied data (user profiles, configuration, etc) and the automatically learned data by our AI. The user-supplied data is exportable in CSV format. The combination of user-supplied data and AI data is exportable in a proprietary format for backup purposes.
Data export formats
  • CSV
  • Other
Other data export formats
Proprietary format intended for backup/restore purposes only
Data import formats
  • CSV
  • Other
Other data import formats
  • Proprietary format intended for backup/restore purposes only
  • XML
  • JSON

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
Our SLA guarantees 99.8% uptime on monthly basis. The buyer is refunded with credits towards future usage. There are three kinds of credits: (1) for failures in range 99.5%-99.8% the credit per each incident received is equivalent of 1 day of operations, (2) for failures in range 99.0%-99.5% the credit received per each incident is equivalent to 3 days of operations, (3) for more serious failures the credit received per each incident is equivalent to 5 days of operations.
Approach to resilience
For on-premise installations, we rely on server redundancy and data replication, plus an off-site backup performed by the customer. For cloud-based installations and SaaS, we rely on high availability server-less computing in AWS cloud, on highly scalable and highly available cloud databases (AWS DynamoDB), and on replication across data centers (regions) for ultimate resiliency; continuous backup to AWS S3 for worst case disaster recovery.
Outage reporting
Customers are provided with a real time health monitoring dashboard, reflecting the status of their services (health and capacity utilization). Automatic alarms are set for all the critical KPIs. Some of the alarms are consumed internally, but any alarm that has a potential of affecting the end users is escalated via email, text and push notifications to the apps, and is reflected on the dashboards.

Identity and authentication

User authentication needed
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels
Our application supports role-based security. Every user is assigned a combination of roles, which control access to various parts of software. Access rights are checked in the user interface (usually by hiding the unavailable features), on the API level for internal and external clients to prevent access to undesirable server functions, and at the critical execution points within the software. Our security logic is rigorously tested to ensure it has no holes, including penetration testing by independent third party hacking experts.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Cyber essentials
Cyber essentials plus
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance approach
The CEO of the company is responsible for the security of cloud and SaaS installations. There is a set of policies in place which govern all security aspects of the service. Security risks ae re-assessed no less than every 6 months, and any new discoveries are brought to the board's attention, as well as any security-related risks discovered outside of the recurring assessments. Our software and IT infrastructure are built in full compliance with CSA CM 3.0 and ISO 27001.
Information security policies and processes
Security policies are built into the product architecture and into the IT infrastructure, and are audited by an external independent entity every 6 months for compliance. The nominated board representative responsible for security of cloud services is the CEO of the company. For security governance, we follow ISO/IEC 27001 standard. Security and information security are part of our financial and operational risk reporting mechanisms; our board is always kept informed of security and information risk. We employ processes which identify and ensure compliance with applicable legal and regulatory requirements.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
All changes of the source code go through a security code review, independently from engineering quality code review, for the purpose of assessing the security impact. All historical versions of the software's source code are preserved in the version control system, every software deployment is audited by automatic tools on continuous bases. All security fixes to the operating system, third party software libraries, web servers, virtual machines, compilers and run-times are installed within 10 business days from the date the patch is officially released, and deployed within 30 days.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
We are currently relying on AWS Web Application Firewall service for detection and mitigation of common attack patterns, such as top 10 OWASP security risks, SQL injection, cross-site scripting, DDOS, etc. Threats detected by the Firewall are monitored by our engineers and by AWS personnel, and are stopped before they reach the software. Separately, the software is tested against all known threats as a part of the standard release cycle, or in case of newly discovered vulnerabilities or attack methods.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
We monitor several sources, such as firewall reports, incident reports from our services, and currently published information on the known exploits. This information is then used as specification requirements to software testing and quality control. The compromises that were automatically prevented are passed to our engineering team. The compromises that affect the stability of the service or the security of the data are passed immediately to the engineering team with the highest priority, and the nature and state of such issues are immediately communicated to the internal responsible parties and customers; continuous updates are delivered as the repairs make progress.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Every incident ticket is classified as a specific type, which determins the internal workflow within the company. The three most frequently used workflows are (a) user requires assistance or needs training, (b) service outage, and (c) software malfunction (a "bug"). User-selected priority of the ticket control our internal escalation timelines. End users can report incidents directly from the application's user interface, via email, via chat, or via a phone call. Incidents open by our personnel are shared with the customer in the spirit of full transparency.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks

Social Value

Covid-19 recovery

Covid-19 recovery

Braintree have taken a proactive approach in managing the impact of COVID-19 on our employees, their families and within our local community.
To provide additional support, we distributed covid lateral flow tests to our employees and their families and ensured all employees were able to work in a secure environment within our office in addition to promoting working from home for those employees unsure about coming back to the office.
Due to the pandemic, we escalated plans to deliver training for employees and customers online, therefore preventing the need of in person interaction, as our software is browser based, it doesnt require onsite visits to install minimising our effect on the environment.
Our service assists organizations of all sizes predict business, financial, ecological, and other outcomes in a rapidly changing environment. This helps to plot an appropriate response to disruptions in the workforce, supply chain, and customer base caused by Covid-19.
As a B2B service, and as such, we do not directly interact with individual consumers or consumer communities. Our job is to enable businesses and government organizations to provide such support through our software through our primary aim to improve wellbeing and life for users.
Braintree ensured that employees were provided with all the tools (office accessories/ working from home essentials) to make their "home office" environment as comfortable as possible. In addition, Braintree consulted its employees regularly - providing them with up-to-date information of relevant new guidelines throughout the pandemic lockdown, this helped reassured employees of the situation. And, above all, Braintree ensured each staff were fully paid and none were furloughed.


£400,000.00 to £3,000,000.00 a licence a year
Discount for educational organisations
Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.