Focus Data Services Ltd

Focus112

Focus Data's design systems tailored for both communication providers and law enforcement agencies, facilitating the streamlined handling of requests, retrieval, and analysis of communication data. Efficiently manage the acquisition of communication data from cellular service providers and transform it into actionable intelligence, benefiting operational inquiries and court proceedings.

Features

• Logs and manages cell data for law enforcement
• Automates cell data retrieval and dispatch
• Connects to live cell tower networks for instant data collection
• Stores CDR and subscriber/CRM data downloads for inquiries
• Bespoke cell data reporting from all cell providers
• Enforces strict controls ensuring agencies request are legally entitled
• Suite of products to manage data release in dynamic situations

Benefits

• Provides Law enforcement logistical data location and conformation.
• Easy access for all Law enforcement personnel
• Automated processes reduce the potential for human error
• Streamlines the process of requesting, retrieving, and analysing communication data
• Controls ensure requests for data adhere to legal regulations
• Enriches raw data with additional details, subscriber, cell site information
• Reduce costs associated with storage and management,
• A comprehensive solution for managing communication data requests

£60,000 to £250,000 a licence a year

Service documents

• Pricing document

  ODT

• Service definition document

  ODT

• Terms and conditions

  ODT

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@focus112.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

686538835899643

Contact

Ray Green
07770441414
info@focus112.com

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
• Service constraints: Only accessed via Law Enforcement or telephone companies
• System requirements:
  • Access to a computer device and the Internet
  • Authority to access data (local legal requirements)
  • Password and two step authentication
  • Legal Authority
  • MS SQL Server Database
  • Windows Server

User support

• Email or online ticketing support: Yes, at extra cost
• Support response times: 3 hour response and 12 hour fix policy - depending on SLA
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: Web chat is part of the design features of the product and forms part of the SLA.
• Web chat accessibility testing: User testing as part of SLA agreement.
• Onsite support: Yes, at extra cost
• Support levels: Our client support framework guarantees personalised assistance through dedicated contact managers assigned to address individual client concerns. Support services are accessible via email and telephone, with the added option of on-site visits should the need arise.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: New users have to be recommended by their department heads. An email will be required and then a password generated. ; ; Online training is available in the form of a FAQ page and training video's covering key usage and topics. Additional online training can be provided at cost.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Users do not retain ownership of the data; it is the property of the Law Authorities and Cell Company. Account cancellation triggers internal law enforcement protocols to be enacted.
• End-of-contract process: At the end of the contract all permissions to use the application are withdrawn. Additionally there is a safe removal of data on any servers if necessary.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Some aspects of the reporting structure will be less advanced than those on a desktop computer
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: An API is available that allows the linking of an LEA (Law Enforcement Agency) system to communicate with TO (Telephone Operator) systems. Traditionally API support is not given to users - however it could be made available under conditions to send and retrieve Requests from a system.
• API documentation: No
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: As part of a design feature and to comply with local legislation, customers have the ability to customise services. Additional customisation is available for user admin to edit web messages such as a login page message, message of the day and terms and conditions.

Scaling

• Independence of resources: Guaranteed availability is typically made available by using load balancing and failover systems when the main system is unavailable. If required the load balancing can be used in addition to auto-scaling systems to ensure availability.; As an alternative a secondary system can be run in parallal with limited access for just Life-at-risk or urgent situations in case of the main system being unavailable.

Analytics

• Service usage metrics: No

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: No
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Data export approach.; Data is exported is handled via web application downloads of reports in the users selected format via their browser.
• Data export formats:
  • CSV
  • ODF
  • Other
• Other data export formats: .xls
• Data import formats:
  • CSV
  • ODF
  • Other
• Other data import formats:
  • .xls
  • .xlsx
  • PDF

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: Guaranteed availability is typically made available by using load balancing and failover systems when the main system is unavailable. If required the load balancing can be used in addition to auto-scaling systems to ensure availability. As an alternative a secondary system can be run in parallal with limited access for just Life-at-risk or urgent situations in case of the main system being unavailable.
• Approach to resilience: This information is available on request.
• Outage reporting: Any outages are reported via an email alert. Our support team will then act upon the information to resolve the issue and provide updates.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: Access to management interframes are locked down to whitelisted networks which are clean and separated environments as to only have them exposed to the correct management personnel typically done using isolated VLAN.; When less trusted networks are incorporated jump servers are deployed to allow a supervised secure channel through firewalls.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSi
• ISO/IEC 27001 accreditation date: June 2021
• What the ISO/IEC 27001 doesn’t cover: The following falls outside our remit within ISO27001:2022; Human Resources; Financial Accounting; Some software packages, for example Azure and Microsoft 365 who each have their own ISO 27001 certification; Business Development and Marketing
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Focus Data comply with all regulatory standards in ISO27001:2022. Our polices cover information security, data confidentiality, integrity and availability. Access to sensitive data is strictly controlled through role-based responsibilities. We enforce encryption protocols to protect data in transit and at rest. Our ISO is responsible for the development, implementation and enforcement of these policies. The ISO reports to the MD.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Configuration and change management approach ; At Focus Data we track service components and assess changes for security impact. Changes undergo rigorous evaluation, including impact analysis and security assessment. Higher-risk changes require stakeholder approval. Security assessments consider vulnerabilities, compliance, and best practises. Continuous monitoring ensures adherence to policies and identifies areas for improvement. We maintain service stability, reliability, and security through these processes while facilitating agile adaption to business needs.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Vulnerability management process is meticulous and proactive. WE regularly assess potential threats to our services through continuous monitoring, threat intelligence feeds and penetration testing. Once vulnerabilities are identified, we prioritise and deploy patches swiftly based on the severity and potential impact. our patch deployment process is streamlined to minimise downtime and ensure rapid mitigation. We gather information about potential threats from various sources, Including industry advisories, security research organisations, vendor announcements and government agencies. This comprehensive approache enables us to stay ahead of emerging threats.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: The protective monitoring processes at Focus Data are designed to identify and respond to potential compromises immediately. We employ advanced monitoring tools and techniques to detect anomalous activities and indicators of compromise in real time. Our team immediately initiates investigation and containment procedures when a potential compromise is identified. Response times are prioritised based on the severity of the incident, with critical incidents addressed urgently. Our goal is to respond to incidents promptly, minimising the impact on our systems and data. Continuous refinement of our monitoring processes ensures agility and effectiveness in safeguarding our services against emerging threats.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: We maintain comprehensive incident management processes to ensure effective resolution of disruptions or security incidents. We have processes for everyday events outlining clear identification, assessment and response steps,. Users can report incidents through designated channels. Including dedicated support channels, email and phone. Our incident response team promptly initiates investigation and mitigation procedures upon receiving an incident report. Incident reports are provided to stakeholders through timely and transparent communication channels. detailing the nature of the incident, it's impact and actions taken for resolution. Our goal is to minimise downtime, mitigate risks and ensure our services ongoing integrity and security.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Wellbeing

  Wellbeing

  Provides law enforcement with up to date information to aid their investigations ensuring members of the public are safe. Assisting law enforcement to apprehend criminals easily with documented evidence ensuring quality of service.

Pricing

• Price: £60,000 to £250,000 a licence a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  ODT

• Service definition document

  ODT

• Terms and conditions

  ODT

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@focus112.com. Tell them what format you need. It will help if you say what assistive technology you use.