BECHTLE LIMITED

Chainanlysis Reactor

Explore. Investigate. Take Action. Reactor is the investigation software that
connects cryptocurrency transactions to real-world entities. Examine
criminal activity, such as the movement of stolen funds, as well as
legitimate activity like flash loans and NFT transfers.

Features

• Reporting
• Forensic Tracking
• SOC 2 Certified
• Comprehensive Scanning
• Real time Scanning

Benefits

• Understand real world activity
• Follow the money
• Trace transactions across blockchains
• Build a narrative to present your case

£55,000 a licence a year

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at publicsector.uk@bechtle.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

721145525030910

Contact

Public Sector
01249 467900
publicsector.uk@bechtle.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: There are other modules which include; Transaction Monitoring for compliance; Cryptocurrency benchmarking for risk analysis; Market Intelligence for investors; Customer intelligence module
• Cloud deployment model: Public cloud
• Service constraints: No
• System requirements:
  • Access to the internet
  • Access to a Firefox / Chrome browser

User support

• Email or online ticketing support: Yes, at extra cost
• Support response times: Response within 4 hours
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Yes, at an extra cost
• Web chat support availability: 24 hours, 7 days a week
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: Via a dedicated web portal
• Web chat accessibility testing: None
• Onsite support: Yes, at extra cost
• Support levels: We can provide Mon / Fri 9am -6pm UK local time; there is an option to upgrade to 24 x 7 x 365 on Gold and Platinum support; upgrades; this is dependant on the number of users; There is a technical account manager available for users to help resolve; issues quickly
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Advice on configuring through API can be given through our technical help; desk
• Service documentation: Yes
• Documentation formats:
  • HTML
  • ODF
  • PDF
• End-of-contract data extraction: All data is downloadable from the system up to the termination of service
• End-of-contract process: Customer is given notification at 90 , 60 and 30 days. together with; instructions to activate a continuation or how to download any required data before the end of contract

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
• Application to install: Yes
• Compatible operating systems:
  • Linux or Unix
  • MacOS
  • Windows
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The application scales to improve user experience when accessing from a; mobile device
• Service interface: No
• User support accessibility: WCAG 2.1 A
• API: Yes
• What users can and can't do using the API: Advice on configuring through API can be given through our technical helpdesk
• API documentation: Yes
• API documentation formats:
  • HTML
  • PDF
• API sandbox or test environment: Yes
• Customisation available: No

Scaling

• Independence of resources: This is a dedicated resource , with built in scaling and N+1 availablity shared; across datacentres

Analytics

• Service usage metrics: Yes
• Metrics types: Users contact the support team to get audit information
• Reporting types: Reports on request

Resellers

• Supplier type: Reseller providing extra support
• Organisation whose services are being resold: Chainalysis

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: No
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: Less than once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Data is exported ,with a dedicated export function that allows the data format to be specified
• Data export formats:
  • CSV
  • ODF
  • Other
• Other data export formats:
  • PDF
  • XLS
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: 99.9% Availability
• Approach to resilience: N+1 availability across multiple Datacentres
• Outage reporting: Via a dedicated email to System Admins

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: Password enforcement and 2FA
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: NIST
• ISO/IEC 27001 accreditation date: TBC
• What the ISO/IEC 27001 doesn’t cover: TBC
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications: Chainalysis is currently SOC 2 Type Certified

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: There is and Information Security Policy within Chainalysis, and it is made; available to staff. In order to protect our internal policies and customers we; no longer share these documents externally. Further information can be; given under Non Disclosure

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Undisclosed
• Vulnerability management type: Undisclosed
• Vulnerability management approach: As the services is hosted in AWS. Amazon Inspector is an automated; vulnerability management service that continually scans AWS workloads for; software vulnerabilities and unintended network exposure.
• Protective monitoring type: Undisclosed
• Protective monitoring approach: Undisclosed information available under NDA
• Incident management type: Supplier-defined controls
• Incident management approach: We have an internal process defined for incident reporting.; Reports are made directly to our security and compliance team from internal; or external sources.; Each incident will be assessed based on severity and impact.; reports will be provided for incident will feature time / date of incident; Severity , sensitivity of data and level of impact.; Severity ratings range from 1-4 with severity 1 incidents on a 1 hour to; respond SLA regardless of customers support level

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Equal opportunity

  Equal opportunity

  Chainalysis has implemented an equal opportunities policy in line with the Equality Commission's guidance, ensuring non-discrimination across various demographics including disability, age, and sexual orientation. Regular policy reviews and staff training are part of their commitment to equal opportunity

Pricing

• Price: £55,000 a licence a year
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: The trial service is by Invitation based on an end user enquiry; The service will be enabled and a technical support will be allocated to work through and demonstrate the service and will be provided for 1 month with an option to extend

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at publicsector.uk@bechtle.com. Tell them what format you need. It will help if you say what assistive technology you use.