Neotas

Neotas Investigative SaaS Platform

Neotas offers online investigative enhanced due diligence solutions through its AI-driven SaaS platform that harnesses the power of OSINT to identify, understand, and connect both structured, unstructured data across the surface, deep, and the dark web to help private and public sector analyse digital footprint of any given entity.

Features

• Auditability
• Consistent & multi-language research
• Risk Tagging & Filtering
• Ongoing Monitoring
• Configurability
• Secure Storage of information
• Report Template
• Entity Network Analysis

Benefits

• Research Notes Comments. Audit Trail. Structured Case Data Storage
• Centralised Source List. Checklist Functionality.
• Tailored Reporting. Streamlined Reporting Process.
• Pre-Populated Findings. Editing Flexibility.
• Unified Querying. Consistent Presentation.
• Automated Authentication. Seamless Source Access.
• Automated Internet Queries. Quality and Consistency.
• Holistic Insights. Enhanced Investigative Depth. Network Analysis.

£100 to £1,100 a licence a month

• Education pricing available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@neotas.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

626543795300461

Contact

Customer Success Team
+44 (0) 208 0902 622
info@neotas.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: Not Applicable.
• System requirements:
  • Chromium Based Web browsers
  • Internet connectivity

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: 9 AM to 5 AM (Monday to Friday) excluding public UK holidays.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: No
• Support levels: Critical Functions – Recovery timeframe upto 8 hours. Non-critical Functions – Recovery timeframe upto 24 hours.; ; Following are the support priority levels.; ; P0 - Catastrophic ; ; The Cloud Services are not operational. ; ; P1 – Critical ; ; Material functionality is not available and there is no temporary workaround. ; ; P2 – Serious ; ; Important but non-material or non-critical functionality is unavailable and there is no temporary workaround. ; ; P3 – Normal ; ; Important but non-material or non-critical functionality is unavailable and there is no temporary workaround. ; ; P4 – Minor ; ; Any other incident; ; All included in the license fee.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: Neotas provides training on its SaaS platform via an online learning management system (LMS):; ; o Through this online learning management system, Neotas offers a live trainer-led robust training program; o Trainees can access structured courses, tutorials, and resources to master the Neotas platform.; o Neotas LMS ensures consistency, scalability, and self-paced learning.; ; Neotas also offers introductory training sessions.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: All our outputs can be downloaded, if they haven’t yet been via our SaaS platform, or we can work with the clients to help them extract the data.
• End-of-contract process: When a contract is about to end, the party (user) that was a part of the contract must continue to keep any confidential information private. This duty lasts for five years, unless both parties agree otherwise. During this time, the contracted entity should avoid sharing or revealing confidential data. If there are any exceptions to this rule, they should be explicitly stated in the contract. It’s essential to address this post-termination confidentiality commitment to protect sensitive information.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Chrome
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: We offer APIs that get customised depending upon the usage of our users. We are happy to talk more in detail on-demand.
• API documentation: Yes
• API documentation formats: PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: We offer customisations depending upon the requirements of our users. We are happy to talk more in detail on-demand.

Scaling

• Independence of resources: We guarantee that one user cannot be affected by the demands of other users’ requests. This assurance underscores our commitment to maintaining a seamless experience for each individual user, regardless of the overall demand for our service. By carefully managing resources and optimizing our infrastructure, we ensure that every user’s interactions remain unaffected by external factors.

Analytics

• Service usage metrics: Yes
• Metrics types: Case Metrics Dashboard. Tools Metrics Dashboard.
• Reporting types:
  • Real-time dashboards
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest: Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Users have the ability to export their research reports, but they are restricted from extracting any additional data beyond that.
• Data export formats: Other
• Other data export formats: Pdf
• Data import formats: Other
• Other data import formats: Pdf

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Neotas will make its cloud services available at least 99.5% of the time as measured over the course of each calendar month during the Subscription Term. For purposes of calculating the Availability Requirement, the following are “Exceptions”; ; Acts or omissions of Client, its Affiliates, any Authorized User, or any other Third Party outside of Neotas’ sole control; ; ; Access to or use of the Cloud Services by Client, its Affiliates, or any Authorized User, or use of an Authorized User’s Access Credentials, that does not comply with this Agreement; ; ; Force Majeure Events; ; ; Failure, interruption, outage, internet connectivity issues, or any other problem with any software, hardware, system, network, facility, or other matter not supplied by or attributable to Neotas; ; ; Scheduled Downtime, provided that it shall last a reasonable time and shall not prejudice de facto the use of the Cloud Services by the Client; or ; ; disabling, suspension, or termination of the Cloud Services in accordance with the terms of this Agreement.
• Approach to resilience: Our service is meticulously designed to ensure resilience, even in the face of unexpected failures. One of the key elements in our approach is:; ; Load Balancing: Load balancing plays a pivotal role. By distributing traffic across multiple servers, we prevent overload on any single component. This redundancy ensures uninterrupted service availability.; ; While specifics about our data center setup are available on request, rest assured, regular backups and disaster recovery plans further safeguard your data.
• Outage reporting: Email alerts: Email alerts help our users understand about any outages.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: We tailor access to our systems based on user roles and responsibilities. To gain entry, users must authenticate with a username, password, and two-factor authentication (2FA). Additionally, all devices adhere to the Neotas device compliance policy.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Intercert
• ISO/IEC 27001 accreditation date: 14/06/2023
• What the ISO/IEC 27001 doesn’t cover: Everything is covered for a scope of Due Diligence products and services that come under the ISO27001 certification.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications: ISO27701

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Neotas’ (ISP) is underpinned by the ten following principles:; ; 1. Information will be protected in line with all relevant company policies, relevant legislation, notably those relating to data protection, human rights and freedom of information.; 2. The integrity of information will be maintained.; 3. Each information asset will have a nominated owner who will be assigned responsibility for defining the appropriate uses of assets and ensuring that appropriate security measures are in place to protect the asset.; 4. Information will be made available solely to those who have a legitimate need for access and the company will operate on a need-to-know policy.; 5. All information will be classified according to an appropriate security level.; 6. It is the responsibility of all individuals who have been granted access to information to handle it appropriately in accordance with its classification.; 7. Information will be protected against unauthorised access.; 8. The company will strive to continually improve, update this Policy in accordance to the company’s changes in information security processes. ; 9. These principles will be made known to all staff.; 10. Compliance with this Policy will be enforced.; ; Responsibility for the maintenance, and application of this policy lies with Head of Information Security.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: The objective of Neotas’ Change Management approach is to ensure that standardized methods and procedures are used for efficient and prompt handling of all changes to controlled IT infrastructure and Applications. Also, to minimize the number and impact on service delivery. It is to ensure the correct & secure operation of information processing facilities.; ; Change management is responsible for managing change process involving:; • Hardware/ Servers (including OS Patches, Firewall Rules and Firmware Upgrades); • Software (including Application).
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Before we release any new features, we thoroughly check for potential security issues during our VAPT activities. If we find any issues, we promptly work on fixing them. Our goal is to keep our system safe and secure.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: We identify anomalies via our system logs. We start working on these anomalies as soon as we discover them under the system logs. Post detecting the compromises or anomalies, we start acting on them as soon as possible to avoid further compromises.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Our incident management approach lies under our business continuity plan which is designed to help Neotas cope with the aftereffects of an emergency. It contains business priorities (critical, non-critical functions, timeframes, recovery procedures, how users report incidents and to whom (internal teams, external vendors), and incident reports (action and expenses logs).

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Our platform can be used to support your own objectives.

  Covid-19 recovery

  Our platform can be used to support your own objectives.

  Tackling economic inequality

  Our platform can be used to support your own objectives.

  Equal opportunity

  Our platform can be used to support your own objectives.

  Wellbeing

  Our platform can be used to support your own objectives.

Pricing

• Price: £100 to £1,100 a licence a month
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@neotas.com. Tell them what format you need. It will help if you say what assistive technology you use.