Phonehub IO Ltd

HYDRAX Secure Mobile Device Management Service

Hydrax is a cloud managed, ultra-secure locked-down operating system for mobile devices such as tablets and phones, enabling them to be used by prisoners and prison staff in custodial environments without the risk of abuse. It has been fully penetration tested and deemed fit for use in prisons.

Features

• Managed mobile device enrollment
• All apps removed at source
• OTA updates over Wi-Fi
• Remote battery management
• Role Based Access control
• Detailed audit train user and staff events
• Hardened operating system
• Custom app provisioning
• A more secure alternative to traditional Mobile device management services
• Ability to provision operating systems beyond manufacturer's lifecycle

Benefits

• Introduce technology in your prison without compromising security.
• Improve family contact with on-device email, voicemails and video calls.
• Improve prison efficiency with electronic ordering and messaging.
• Enhance prisoner education and job opportunities with appropriate apps.
• Offer the benefits of digital content without the risks.
• Beat manufacturer's built in obsolescence by extending device support
• Entertainment, education and productivity applications
• Unique approach to device security for unmatched assurance
• Unwanted functionality removed at source making compromise impossible.
• Enables you to manage the complete lifecycle of Hydrax Tablets

£0 to £18.00 a device a month

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at alex.redston@phonehub.io. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

717711618200116

Contact

Alex Redston
01603340589
alex.redston@phonehub.io

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Prison Video - Secure Video Calls service
• Cloud deployment model: Public cloud
• Service constraints: The service only supports devices which have the Hydrax secure operating system installed. Hydrax is an Android Open Source Project derived secure operating system for tablets which has been developed in house by the supplier.
• System requirements:
  • Devices must be compatible with Android Open Source Project
  • Management via Chromium based browser such as Edge

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: During normal business hours we aim to respond within 2 hours.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), 7 days a week
• Web chat support: Web chat
• Web chat support availability: 24 hours, 7 days a week
• Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
• Web chat accessibility testing: None
• Onsite support: Onsite support
• Support levels: We provide support by email and telephone.; ; Phone and email support is triaged by our customer service team, with prompt escalation where necessary. All queries responded to rapidly, typically within 1 hour.; ; Technical account manager:; Acts as a bridge betweem customer commercial and operation teams and our technical teams.; ; Cloud support engineer - able to assist with deployment of technology, such as OTC (Over the cloud) updates to operating systems and applications.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: There is a technical discovery phase to ensure the devices are compatible with the operating system. Once confirmed, onboarding can be done on-site. Training is provided on-site or remotely. Documentation and guides are provided.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Prison staff can, if required, request copies of their data at the end of the contract.
• End-of-contract process: If the prison is using Phonehub devices, the devices need to be returned. If the prison is using its own devices, Phonehub will remotely wipe all devices of the software.

Using the service

• Web browser interface: No
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The operating system runs on Android-compatible devices.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: Prison staff can access an admin portal which enables them to manage devices and deploy remote updates.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: None
• API: No
• Customisation available: Yes
• Description of customisation: Individual establishments can request specific settings and apps for their devices.

Scaling

• Independence of resources: The nature of cloud software means that the service capability grows as the user base grows. All hardware and network connections are chosen to be highly scalable.

Analytics

• Service usage metrics: Yes
• Metrics types: Device usage.; App usage.; Screen time.
• Reporting types:
  • Real-time dashboards
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Users can export their data by making a request to the Phonehub team.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: Services are available 365 days x 24 hrs with guaranteed SLA of 99.9% of availability.
• Approach to resilience: Available on request.
• Outage reporting: Email alerts.

Identity and authentication

• User authentication needed: Yes
• User authentication: 2-factor authentication
• Access restrictions in management interfaces and support channels: Two-factor authentication required to access management interfaces and support interfaces. Access is restricted using Role Based Access Control to approved user accounts, VLAN on the network and access to the network interface. Routing restrictions are in place with registered MAC addresses and access to the routers is restricted to admin's only. VPN's are in place to ensure the data is secure during transit.
• Access restriction testing frequency: At least every 6 months
• Management access authentication: Identity federation with existing provider (for example Google Apps)

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Lloyds Register
• ISO/IEC 27001 accreditation date: 05/07/2021
• What the ISO/IEC 27001 doesn’t cover: All of our business activities are within the scope of our ISO 27001 certification. ; ; Our statement of applicability excludes outsourced software development, which we do not engage in. All development is done in-house.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: Yes
• Who accredited the PCI DSS certification: Security Metrics
• PCI DSS accreditation date: 18/02/2016
• What the PCI DSS doesn’t cover: N/A
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications: Penetration tested by an NCSC approved CHECK Certified company

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: We follow security processes as documented in our Information Security Management System (ISMS) Policy Manual, based on ISO27001 standards.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Phonehub IO Ltd has a formal documented Change Management process in place as defined in its ISO27001 management system. The Change Management Board (CMB) meet weekly to approve or reject requests for changes, to ensure the integrity of the process.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: For known product vulnerabilities we regularly apply all operating system and software updates. Daily automated third party vulnerability scanning using tenable.io
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Pervasive security controls with Next Generation Antivirus (NGAV); Endpoint Protection and Response (EDR); and Threat Graph
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Phonehub IO Ltd has a set of defined policies and procedures for incident management in accordance with ISO27001 best practice. The Information Security team will assess the seriousness of any situation and will take necessary action to limit any potential impact. All incidents are logged and reviewed.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Climate change is something of great importance to Phonehub IO Ltd and we endeavour wherever possible to select partners who share these same values. For example, we have selected Google as our primary cloud provider, as they are committed to achieving net-zero emissions across all of their operations and value chain by 2030 and their UK operations are on track to operate at or near 90% carbon-free energy in 2025. Similarly, we chose Amazon Web Services due to their commitment to using 100% renewable energy and their goal to achieve net-zero carbon emissions by 2040. ; ; Closer to home, we also encourage all of our team members to cycle and/or walk to work wherever and whenever possible. This not only lowers our carbon footprint, but helps encourage physical activity that is important for both physical and mental wellbeing.

  Covid-19 recovery

  Phonehub IO develop and promote local employment opportunities to support those made redundant and struggling with unemployment following the pandemic. Additionally, we work with local companies wherever possible and commit to identifying opportunities where we can support local innovation and economic recovery following Covid-19.

  Tackling economic inequality

  Phonehub IO Ltd offers all members of our team opportunities to learn new skills and encourages them to take advantage of one another’s expertise and training materials to boost their own skillset within a collaborative and supportive environment. Furthermore our applications are all aimed at helping prisoners and their families communicate more effectively. This directly supports the wellbeing of this disadvantaged group which has a positive impact on family ties, reducing re-offending, and in turn supports their future prospects for life outside the criminal justice system.

  Equal opportunity

  We prevent bias within employment by offering equal opportunities for vulnerable and disadvantaged groups; and never discriminating against any protected characteristics such as gender, race, religion, sexual orientation, disability, pregnancy, or maternity/paternity. We work with prisons to create employment opportunities for prisoners in appropriate risk assessed positions. We seek to employ neurodiverse individuals who face specific challenges in mainstream employment. The benefit is mutual, unlocking the hidden potential and unique perspectives of individuals with autism. We provide an inclusive workplace, supporting our LGBTQ+ colleagues.

  Wellbeing

  In today's fast-paced and highly pressurised tech industry, where innovation and productivity are crucial, the well-being of our team is at the forefront of our agenda and we endeavour to support all facets of their wellbeing. We encourage all members of our team to promote their physical and mental wellbeing by walking or cycling to work. ; ; We also support social and intellectual wellness by encouraging our team to work collaboratively and gain insight into new ways to expand their knowledge and skillset. Communication and collaboration are at the core of how we operate and we are, not only, committed to empowering one another to be share ideas and ask questions, but embrace individual failure as an opportunity to learn and grow.; ; As a tech company, we understand the personal growth and continuous learning of our developers is an invaluable investment for their wellbeing. When a new developer joins our team, we nestle them in a supportive and friendly group of peers who can guide them and support them in their growth and development and ensure they feel secure and confident in their role.

Pricing

• Price: £0 to £18.00 a device a month
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at alex.redston@phonehub.io. Tell them what format you need. It will help if you say what assistive technology you use.