ID-WARE UK LTD

Photo Capture, Validation & Transformation

Capture user photos remotely seamlessly for physical and digital identity use cases, our AI driven tool validates the photo for quality and appropriateness, then intelligently conducts background removal and crops the photo down to ideal proportions for the required use case.

Features

• Manage capturing of user photos at scale
• Real time AI photo validation
• Customisable validation parameters including object detection
• Ensure appropriateness of photos for staff ID and GovPass
• Cost effective scalable image capture for a remote workforce
• Intelligent automated background removal for photos
• Administration platform for managing users and checking compliance
• Custom branding available if required
• Integration with email services such as GOV.UK Notify

Benefits

• Maximise compliance with required standards
• Reduce churn and manual intervention required for traditional capture
• Ensure readiness for large scale ID transitions such as GovPass
• Continuous business-as-usual processes for onboarding new staff

£0.80 a transaction

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at enquiries@ID-ware.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

793616508222361

Contact

Business Development
02080502648
enquiries@ID-ware.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Hybrid cloud
• Service constraints: No known constraints
• System requirements:
  • All users require a valid email address
  • By default is hosted in AWS as SaaS
  • Must be able to interface with Cipher10 Cloud environments

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: 24 hour response SLA, Monday - Friday.
• User can manage status and priority of support tickets: No
• Phone support: No
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Support packages are bespoke for the complexity of the solution. For example, a simple 'off-the-shelf' configuration will not incur additional charges, however a custom configured capability would require a custom support contract.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Training is provided online to administrators and user instruction/documentation is built in.; ; Initial setup and integration may be required depending on the user's requirements (for example Single-Sign-On)
• Service documentation: No
• End-of-contract data extraction: Users are provided with a secure storage link which contains all of their data at the end of the contract. This is valid for 30 days, after this time, or at their request, it will be deleted.
• End-of-contract process: At the end of the contract, access to the service ceases for all users with existing customer data made available for 30 days.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: User interfaces are designed to be fully responsive, however some natural variation will occur due to the different screen sizes.
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: Users can invoke photo validation & transformation using our API directly from their own capability. Documentation and support is available upon request. All authentication is conducted using mTLS or API Keys depending on the requirements
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: The validation/transformation parameters for photos, user interface, journey and data captured can be customised upon request and subject to additional cost.

Scaling

• Independence of resources: The service is setup in a high availability, multi-AZ AWS infrastructure. This is fully scalable with appropriate rate limiting applied to user.

Analytics

• Service usage metrics: Yes
• Metrics types: Photo upload acknowledgement/attempt/success rates.
• Reporting types:
  • Real-time dashboards
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: Never
• Protecting data at rest: Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Via a secure link download upon request or through the administration function.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • JPEG
  • PNG
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: SLAs are agreed on a per customer basis and is dependent on configuration.
• Approach to resilience: Under the MSaaS model, environments are hosted in the AWS London Region and customer can select a high availability option providing additional resilience. As a minimum, web servers have failover and load-balancing to over instances in 2 availability zones. Under the self-hosted model, this is the customer's responsibility.
• Outage reporting: Email and SMS alerts to nominated customer contacts.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
• Other user authentication: The option is available for password-less authentication where a user is emailed a time limited, one time use code.
• Access restrictions in management interfaces and support channels: Access to management interfaces is restricted to users who have been appropriately trained and from specific endpoints via either a VPN or a Virtual Desktop Infrastructure (Amazon WorkSpaces) using an restricted allow list of IP address. Access to the AWS account is restricted to specific user with two factor authentication being mandatory. The root account is secured in line with AWS best practice.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: NSCS Cloud Security Principles are followed when deploying environments. ID-ware and AWS are both ISO/IEC 27001 certified and these principles are also followed by Cipher10.
• Information security policies and processes: Cipher10 follows NCSC Cloud Security Principles for the design of systems. For the handling of sensitive cryptographic assets including DESFire key material this HMG Information Assurance Standard No. 4 is followed. Cipher10's internal policy on handling information broadly aligns with HMG Information Assurance Standards. All staff and sub-contractors are trained accordingly and this is reviewed quarterly. Any issues are reported to the Company Director.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: All configuration, patches and infrastructure changes are first deployed in a reference environment with software supply chain assurance conduct. This also applies to the underlying AWS serverless components where new versions or features are released.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: The software vendor conduct software supply chain assurance for the software platform itself and release regular patches and security fixes. For the underlying infrastructure under the SaaS model, the NCSC Cloud Security Principles are followed.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Monitoring is in place on all environments using AWS CloudWatch with notifications configured in the event of incidents. In the event of potential compromise, customers will be notified and appropriate remediation will be made as soon practically possible.
• Incident management type: Supplier-defined controls
• Incident management approach: The environments used are designed for high availability and failover within the London AWS Region. In the event of a region outage, users will be notified where possible with the estimated fix. In the event of a service outage, notifications will be sent nominated users via email where possible with details of the incident and estimated time to fix.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  At Cipher10, we keen to offset our carbon footprint as much as possible but doing the following:; Paperless/recycled packaging – We are a paperless company day to day and encourage as many items to be recycled as possible. This includes packaging for shipments. ; Travel – We ask all staff to use public transport where possible. All company cars are fully electric and we will do our best to use electric vehicles for any deliveries that may be required.; Remote working – We operate in a hybrid but predominately remote working style. This cuts our energy usage for office space. We also encourage online meetings to ensure that staff are required to travel less.; Carbon Credits – Cipher10 is also actively participating with carbon credits.

  Covid-19 recovery

  COVID-19 hasn’t impacted Cipher10 too greatly. However, we are ensuring that all current staff are supported and new potential staff members are considered for all positions within in the company and we will do our best to support them with any assistants they may need relating to COVID-19.

  Tackling economic inequality

  We are a rapidly expanding business which in itself if requiring us to create new job opportunities and grow as a team and company. Cipher10 is active in ensuring that we offer opportunities to people from all backgrounds and locations which we are able to do with our hybrid working style. Due to Cipher10’s area of work, we are very aware of ensuring that cyber security risks identified and managed. We are doing this by working towards automating some services where possible and using security equipment and programmes to help us.

  Equal opportunity

  Cipher10 provides equal opportunities to its staff members by offering training courses and further development to all staff. We also pride ourselves on having well paid salaries which reflect the workload and quality as well as the responsibility of the positions rather individual.

  Wellbeing

  Cipher10 ensures that all staff are comfortable working from home by asking staff to complete DSE assessments for their home working set up and providing any equipment required to make their workstation more comfortable. We also encourage all staff to take regular short breaks to rest their eyes from the computer screen. We provide private Bupa healthcare as well which covers mental health so our staff can gain help without the worry of cost. We also ask our team leaders to have regular check in’s with their teams to discuss any issues that might arise and if they are struggling with anything.

Pricing

• Price: £0.80 a transaction
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Upon request, we can grant up to 20 individuals full access to our demo environment to experience the end user capability for up to 1 week. The management interface cannot be trialled.

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at enquiries@ID-ware.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.