Blackdot Solutions Ltd

Videris OSINT Investigations Platform

Videris OSINT platform enables users to conduct OSINT investigations faster and more accurately and identify hidden connections and risks. Collect, analyse and visualise Open Source Intelligence and combine with internal data. Videris is used by government agencies and law enforcement to transform efficiency and effectiveness in OSINT investigations.

Features

• Search across 100+ live OSINT data sources simultaneously
• Automated data filtering and categorisation
• Data and network visualisation on a chart, grid or map
• Automate manual tasks like collection and plotting data on visualisations
• Automatic evidential source capture
• Controls investigators’ online footprint when browsing and collecting data
• Unique analysis of publicly available social media data
• Supports any language and script
• Optional integration with internal or additional data sources
• Multiple deployment options, remote access available

Benefits

• 5x productivity improvement by accessing all data within one platform
• Find the right information amongst large volumes of internet data
• Understand networks faster and spot connections you wouldn’t have otherwise
• Spend less time on manual collection and more on analysis
• Never lose evidence, even if it’s removed from the internet
• Stay secure and avoid revealing your identity to malicious actors
• Gain unrivalled ability to collect and analyse social media data
• Enrich internal data with live internet data for new insights
• Fast time to value with world-class training and support
• Increased effectiveness through collaborative team working

£6,000 a licence a year

• Free trial available

Service documents

• Pricing document

  ODT

• Service definition document

  ODT

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at jake.taylor@blackdotsolutions.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

614265921508845

Contact

Jake Taylor
07585 864215
jake.taylor@blackdotsolutions.com

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
• Service constraints: None
• System requirements:
  • A computer with internet access
  • An up to date Microsoft Edge, Chrome, Firefox or Safari

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Within 24 hours (excluding UK bank holidays and weekends)
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Onsite support
• Support levels: Full technical support is provided throughout the licence term. A technical account manager is designated to each client.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Full user training provided onsite and online as required. Full user documentation provided. Additional training provided throughout the licence term.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Users can remove their data to their own or third party systems in a number of formats including JSON, CSV, PDF.
• End-of-contract process: There are no additional costs at the end of the contract.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: Yes
• User support accessibility: WCAG 2.1 A
• Description of service interface: Full investigations platform including network analysis, search, map, timeline and reporting visualisations.
• Accessibility standards: WCAG 2.1 A
• Accessibility testing: An accessibility audit was undertaken by an independent organisation.
• API: Yes
• What users can and can't do using the API: Push and pull data.
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: Data sources can be added by the client or the supplier.

Scaling

• Independence of resources: The service is single tenant therefore demand from one client cannot impact other clients. We have carried out extensive performance testing of the service for >150 concurrent users per server/customer.

Analytics

• Service usage metrics: Yes
• Metrics types: User level data including full usage statistics.
• Reporting types: Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest: Encryption of all physical media
• Data sanitisation process: No
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Videris users can export their data in various formats including PDF, JSON, CSV and through the Videris import/export API.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • PDF
  • JSON
  • Docx
  • Jpeg
  • Png
• Data import formats:
  • CSV
  • Other
• Other data import formats: JSON

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: SLAs take in to account individual client requirements.
• Approach to resilience: We use multiple availability zones and industry-leading resiliency technologies. More information is available on request.
• Outage reporting: In-program dashboard and email alerts.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: Access is provided on a least privilege model. MFA is utilised where possible.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: SGS United Kingdom Ltd
• ISO/IEC 27001 accreditation date: 23/07/2023
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications: Penetration test performed by a CREST-accredited security testing company

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Information security policies are centrally managed and reviewed by management annually. All staff complete annual training on key topics and are aware of their requirements to ensure that we maintain compliance.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Blackdot Solutions follows ISO27001 best practices regarding change management. Our ISO27001 Information Security Management System documentation outlines our approach to change management. All changes are planned, logged, reviewed by senior engineering managers and tested for both stability and security before being promoted to any Production environment.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Our ISO27001 Information Security Management System documentation outlines our approach to the management of technical vulnerabilities in our software. We commission a penetration test by a CREST-accredited third-party after every major change or every 12 months. Any vulnerabilities discovered during a penetration test are immediately assessed and ticketed for remediation. Updates can be distributed to all customers rapidly (hours) and customers can choose to enable automatic security patching if they prefer.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Blackdot monitor access patterns, usage levels and errors for abnormal activity across our services. Alerts are generated for our Operations and Information Security teams and a response is actioned. If required, updates can be distributed to all customers effectively immediately.
• Incident management type: Supplier-defined controls
• Incident management approach: All incidents are reported and managed in accordance with the Incident Response Policy. Incidents are investigated and appropriate actions are taken to remediate and control against any identified risk. Post-incident Retrospectives are held and findings communicated. All efforts are taken to reduce the likelihood of future incidents. Users can report suspected incidents to our Technical Support team.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Covid-19 recovery:

  Covid-19 recovery

  Videris is used to fight financial crime including Covid related frauds.
• Tackling economic inequality:

  Tackling economic inequality

  Videris is used to fight financial crime including the abuse of sanction regimes and other fraud.

Pricing

• Price: £6,000 a licence a year
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: Full Videris licence, user training and technical support.

Service documents

• Pricing document

  ODT

• Service definition document

  ODT

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at jake.taylor@blackdotsolutions.com. Tell them what format you need. It will help if you say what assistive technology you use.