Internet Investigation Solutions Ltd

Long Arm® Platform with Secure Misattribution and Associated Services

Long Arm®, is a platform for secure online investigation, open source research, and evidential capture. Our fully audited platform empowers investigators to operate on the internet with a managed digital footprint, and to capture and produce content to an evidential standard. Our Collaboraite® capability enables data & AI exploitation.

Features

• Misattributable Internet Access
• Mobile Phone Emulation
• Dark Web
• i3 Toolkit
• Case Management and Evidential Capture
• Online Investigation and training
• Virtual Sims
• Audit & Reporting
• Collaboraite® AI and Machine Learning
• Managed attribution

Benefits

• Auditable
• Evidential
• User Friendly
• Continuous Development
• Law Enforcement / Government Agencies only
• PASF Approved Hosting
• Remote Working
• Secure
• Compliant
• Integrated Access

£305 to £1,000 a person a year

• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at contracts@ii-solutions.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

931321030535537

Contact

Claire Pickup
0344 247 0115
contracts@ii-solutions.co.uk

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Collaboraite AI Engines, ; Collaboraite DB, ; Voixtel Cloud Telephony Services.
• Cloud deployment model: Private cloud
• Service constraints: N/a
• System requirements:
  • Windows, MacOS, Android or IOS Operating System
  • Internet Connection
  • Anti-Virus
  • Supported Web Browser

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Response times are determined by the severity of the incident and graded by the end user. See the service definition document for further information.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Support is fully inclusive within the contract.; ; Each customer is provided a dedicated technical account manager.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Customer will work with our Technical Team and an Installation Guide will be produced. New User creation shall be via the Service Desk or Self Managed Admin Portal. Our community page provides users with guides and video examples of how to use the system. Formal training is available at an additional cost.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: User's are able to extract their data at any time through the system portal provided.
• End-of-contract process: The Exit Plan for the end of the Contract is:; (1) The access and use rights to the Long Arm® Solution granted to the Buyer shall cease;; (2) The Buyer shall immediately pay the Supplier any sums due ; ; (3) The Supplier will remove the Buyer’s access and use rights from the Long Arm® Solution within 14 working days, this purges any saved data from the platform.; (4) Any evidence available on the Evidence Portal must be exported securely. The Buyer can initiate a download of their data via the Evidence Portal.; (5) Any Audit Logs for the Buyers userbase will be securely removed. The audit log retention is set to 30 days and the system automatically purges any audit logs from the platform.; (6) Secure deletion/destruction of user management credentials.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
  • Linux or Unix
  • MacOS
  • Windows
  • Windows Phone
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Screen size and font size
• Service interface: No
• User support accessibility: WCAG 2.1 AAA
• API: No
• Customisation available: No

Scaling

• Independence of resources: When a user logs into Long Arm® their session is load balanced against a pre-set criteria to ensure they have the necessary resources available for their session. The back end infrastructure scales up and down automatically depending on the demand. This ensures that there is sufficient capacity for when it is required.

Analytics

• Service usage metrics: Yes
• Metrics types: User Activity;; Usage Activity
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: In-house
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Users extract data via the Long Arm® Evidence Web Portal.
• Data export formats:
  • CSV
  • ODF
  • Other
• Other data export formats:
  • Microsoft Excel Open XML Spreadsheet
  • Microsoft Word
  • Portable Document Format
  • .JPEG, .PNG, .BMP
• Data import formats:
  • CSV
  • ODF
  • Other
• Other data import formats:
  • Microsoft Excel Open XML Spreadsheet
  • Microsoft Word
  • Portable Document Format
  • .JPEG, .PNG, .BMP

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: The guaranteed level of availability is 99.5% this does not include planned maintenance windows which may be required from time to time. Customers are responsible (unless otherwise agreed) to ensure sufficient resilience and scale of any inter-connectivity between the customer and the IIS Cloud is available to achieve this target.; SLA's can be found in the service definition document attached
• Approach to resilience: The IIS Cloud is a highly resilient infrastructure, although not publicly available further information can be obtained directly by contacting info@ii-solutions.co.uk.
• Outage reporting: Email alerts are generated to report any outages. On-going updates are provided throughout the outage as detailed in the service definition document.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: Management interfaces are in a separate physical network, with access from a jump-down device, requiring 2FA. Each support personnel has their own unique login with the required roles assigned, and all access is logged.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users receive audit information on a regular basis
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: Between 6 months and 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: Yes
• CSA STAR accreditation date: 22/09/2022
• CSA STAR certification level: Level 1: CSA STAR Self-Assessment
• What the CSA STAR doesn’t cover: All areas of our platform and management networks are covered
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • Cloud Security Alliance CCSK
  • CESG CCP
  • PASF

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: CSA CCM version 3.0
• Information security policies and processes: We maintain the following policies:; ; GDPR/Data Protection, Patching, Incident Management, Business Continuity, Information Security and AUP, Risk assessment and Change Management, Cloud Security Principles. ; ; Each of our policies and procedures follow the criteria set out in CSA CCM or equivalent standards

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Changes are documented and risk assessed. Changes under a specific risk value are permitted and scheduled in, changes with higher elements of risk are reviewed by the Change Advisory Board and approved or sent away for further investigation.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: A strict patching policy of 24 hours for critical security updates and a maximum of 1 week for information and functional updates is adhered to.; Weekly change logs of the environment from internal and external systems are taken to spot any issues and changes.; Several feeds are used for update notification, including a nightly inventory of all software and firmware using a 3rd party tool which takes update feeds from the manufacturers, and security feeds from NCSC and the security/software providers are used.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: A reactive system of monitoring is used, including agents on each device capturing all relevant logs and feeding into a SIEM platform. The system creates tickets and assigns to support staff for actioning, and reactive measures modify security systems based on feeds from Threat Exchange systems in real time.; Host based intrusion detection is present, as well as file/registry changes, and anything deemed a risk or unexpected creates a job in real time for the SOC Team to action, resolve and close.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: All users can report incidents via phone/email or on the online community. A full incident response plan following the CISR guidance from Crest, and is available on request.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  We are dedicated to combating climate change through various initiatives: Reducing Carbon Footprint: We prioritise energy efficiency by optimising data centres, adopting energy-efficient technologies, and implementing smart building management systems to minimise energy consumption. Waste Disposal and Reduction: We operate as a paperless office, segregate waste for proper disposal and recycling, and adhere to regulations for electrical waste disposal. Green IT Practices: Our technology development focuses on energy-efficient software, cloud-based services, and virtualisation to maximise resource utilisation. Reuse and Recycling: We responsibly dispose of IT equipment and office waste, often donating discarded furniture and equipment to local charities. Sustainable Procurement: We promote ethical procurement, purchase recycled products, and collaborate with suppliers who adhere to sustainable principles. Remote Working and Travel Reduction: Our Remote First Strategy minimises travel needs, enabling staff to work from home, utilising public transport, car sharing, and offering a Cycle to Work Scheme. Sustainable Training Solutions: We conduct virtual training sessions for courses where classroom-based activities are not essential to reduce the need for participants to travel and can offer training at a customer’s site to minimise travel and reduce carbon emissions.

  Covid-19 recovery

  Our company is dedicated to aiding organisations in recovering from Covid-19 impacts through community empowerment, local procurement, supply chain collaboration, charitable partnerships, volunteering, and education and training support. We create employment, training, and educational opportunities for local residents, procure goods locally, collaborate with supply chain partners, support charitable partnerships, encourage volunteering, and offer education and training support.

  Tackling economic inequality

  We are dedicated to addressing economic inequality, employs a multifaceted approach aligned with government priorities and our Social Value Policy, supported by our Sustainability Strategy. We target social exclusion by providing employment, education, and training opportunities for underrepresented groups, ensuring equal opportunities for all through our Equal Opportunities Policy and flexible working arrangements. Economic empowerment is achieved through local procurement, creating jobs in sectors like secure technology, and fostering partnerships with charities to benefit local communities. We promote environmental sustainability by reducing carbon emissions through remote work and public transport options. Efficient resource management and recycling practices contribute to sustainability, supported by our Sustainability Working Group. Aligned with government initiatives, our strategies focus on creating businesses, jobs, and skills while addressing climate change and promoting supplier diversity. The leadership of our Sustainability Working Group emphasises our commitment to socially responsible business practices, thereby contributing to the overarching objective of addressing economic inequality.

  Equal opportunity

  We are deeply committed to advancing equality within our organisation and the broader community. Our Equal Opportunities Policy ensures fair treatment for all employees and potential recruits, regardless of various factors. We actively recruit and support disabled individuals, holding "Positive About Disabled People" employer status and being a member of "The Disability Confident Scheme". We cultivate a discrimination-free environment, empowering employees personally and professionally. We comply with UK legal requirements and social responsibility commitments by addressing social exclusion, developing local talent, providing ongoing training, offering flexible work arrangements, promoting employee well-being, and supporting veterans. Through these efforts, we not only fulfil legal obligations but also contribute to a fairer society and foster a workplace culture of inclusivity and diversity.

  Wellbeing

  We prioritise employee wellbeing through proactive and inclusive measures, fostering a supportive environment. Initiatives include:; Employee Assistance Programme for confidential counselling; Mental Health Support with trained first aiders and additional resources; Promotion of Healthy Lifestyles such as the cycle to work scheme; Flexible Working Model supporting work-life balance; Investment in Training and Education for skill development; Workplace Ergonomics for comfort and safety; Health and Safety Initiatives ensuring a safe environment; Employee Recognition through a reward programme; Community Engagement and Volunteering Opportunities; Employee Social Events for relationship-building and relaxation.

Pricing

• Price: £305 to £1,000 a person a year
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: We offer a free of charge trial for 4 weeks, 5 Users. Terms and conditions apply.

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at contracts@ii-solutions.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.