SVGC Limited

Digital Sensitivity Review Toolset

Digital Sensitivity Review (DSR) Toolset processes digital files to ensure sensitive content is redacted. DSR toolset uses COTS tools with bespoke development and AI logic to pre-identify sensitivities and indicate redaction suggestions for rapid Curator review and approval before automatically packaging files with metadata for transfer to archive or consumer.

Features

• Digital files Assessment: integrity, assurance and duplication
• Digital files Selection: Multi-format file conversion and normalisation
• Digital files Sensitivity Review: AI auto-redact
• Digital files Packaging: file transfer metadata and secure transmission
• Full text extraction with integrated OCR capability
• Prevention of mosaicing of digital media files
• Suite of fully-automatable Digital Assistants safe release digital material
• Transparently supports over 250 modern and legacy digital file formats
• Integrated modified COTS with leading-edge AI/ML to auto-identify sensitive content
• Indentified sensitivities actioned automatically or passed to expert for verification

Benefits

• Speedy digital data sensitivity review and redaction
• Reduction in redaction Curator team workload
• Tuning for alternate digital data identification
• Fully automatable digital sensitivity review system
• Automatic detection of sensitivities across all documents
• Fully automated redaction ability
• Web based tooling
• Open standards compliant, fully extensible and customisable
• Automated packaging and transfer to TNA
• Pan department consistency

£65,000 to £1,200,000 a unit a year

• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at commercial@svgc.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

947588394649106

Contact

Ms Julia Campbell
01747820900
commercial@svgc.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
• Service constraints: Standard office hour support. Standard service offering unless tailoring requested. Enhanced support by arrangement.
• System requirements:
  • Availability and accessibility of data
  • Agreed approach with TNA for digital handling
  • Agreed approach on sensitivity reviewers / Curators
  • Establishment of risk appetite and classification of data protocols
  • Purchase of licenses per concurrent user basis

User support

• Email or online ticketing support: Yes, at extra cost
• Support response times: 8 hour maximum response. Office Working hours only; same day or next office day.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Yes, at an extra cost
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
• Web chat accessibility testing: We have experience of applying assistive technology support tools across a range of Windows based application projects. We make use of WCAG compliant chat interfaces in order to ensure assistive technology users are able to make use of commonly available and familiar assistive technologies such as Narrator, Magnifier, Closed Captions and Windows Speech Recognition to support users across the disability spectrum.
• Onsite support: Yes, at extra cost
• Support levels: The DSR service currently provides only one level of support, within working office day service hours. A Technical Account Manager is provided to support the service. An IT Service Manager is provided to support the service. Additional service levels are negotiable.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: The service solution provides: On-Line User Documentation; Training Course for users and Curators; Help-Desk Support
• Service documentation: Yes
• Documentation formats:
  • HTML
  • ODF
  • PDF
• End-of-contract data extraction: The users redacted data files will have been archived in The National Archive. For Private Cloud and On-Premis solutions, the data will be securely transferred via secure hard disk to the client. For Secure Public Cloud solutions, the service will be owned by the client and all admin privileges will be handed over on formal transfer of service.
• End-of-contract process: The contract includes establishment of the service solution, including data warehouse (Private, On-Premis, Cloud as required), Client-Server applications, local set-up and configuration, network set-up, client application set-up, solution administration, user training and support, On exiting the contract, responsibility for all solution components and administration and support of the solution will transfer to the client support team. A follow-on external service support arrangement may be available separately.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
  • Linux or Unix
  • MacOS
  • Windows
  • Windows Phone
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The DSR application suite operates on mobile but is not tuned to mobile delivery. Application use will be constrained by mobile screen size and layout and page loading speed due to varying mobile network speeds and connectivity.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: A service interface is published to invoke the service from an external application. The DSR toolset is comprised of several "Digital Assistants" which give users access to a particular aspect of the system. All assistants are accessed via a web interface offering a common approach across all UIs.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: Extensive testing with screen reader software and testing with users having Colour Vision Deficiency (CVD).
• API: Yes
• What users can and can't do using the API: The APIs available enable multiple component software internal modules to deliver the Assessment, Selection, Sensitivity Review, Packaging and delivery de-sensitised files. RESTful Open APIs are available for all major features of the DSR process. This enables rapid automation, customisation, extension or integration of 3rd party components. The toolset is wholly modular and extensible by design. Each major component is integrated via its published API allowing rapid technology insertion.
• API documentation: Yes
• API documentation formats:
  • HTML
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Users can customise the interface for data file sensitivity review, to better support their work focus, through menus and click-downs. All key aspects of the system are configurable through standard configuration options. These are used to enable/disable/customise application features. All data processing and analytics are configurable through policy specifications which describe which policies should be applied as part of processing. There are a core set of policies or they can be created, edited or extended. Data Processing pipelines can be defined to control how files are processed, hashed, converted, analysed. The solution also allows for the presentation of sensitivity review to be customised in fonts and colours. The built-in features for dealing with digital duplication or ’Mosaicing’ of digital media files can also be customised.

Scaling

• Independence of resources: Each service solution is established in its own architectural environment for that department or agency, with a Feasibility Study conducted prior to any given deployment to fully define, design, resource and price the deployment. As the forecast of deployments increases, the delivery team expands and trains to ensure the availability of key delivery resources is managed over time.

Analytics

• Service usage metrics: Yes
• Metrics types: Users can access a range of dashboard metrics on files available and in review, files redacted, files packaged and files transferred. Detailed and aggregate statistics about the digital records held, their state, status, and progress through the DSR process are available.
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Users export their redacted / de-sensitised data through the solution to The National Archive or another data facility, through the application suite facilities.
• Data export formats:
  • CSV
  • ODF
  • Other
• Other data export formats:
  • All commonly used digital data file formats including
  • XLS
  • XLM
  • DOC / DOCX
  • PDF
  • RTF
  • CSV
  • TXT
  • MSG
  • PPT / PPS
• Data import formats:
  • CSV
  • ODF
  • Other
• Other data import formats:
  • All commonly used digital data file formats including:
  • XLS
  • XLM
  • DOC/DOCX
  • PDF
  • RTF
  • CSV
  • TXT
  • MSG
  • PPT/PPS

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: The DSR toolkit service has SLAs in place for service uptime at 99.95% uptime during business hours (8 am to 6 pm) with reduced availability availability outside those core hours. Users are refunded through service credits where a discount is provided on service fees where the service fails to meet the performance standards set in the agreed Service Level Agreements.
• Approach to resilience: The DSR toolkit service business incorporates business continuity planning with dedicated systems administration staff to protect DSR managed data and manage and recover lost data assets in the event of a breach or failure. Further details available on request.
• Outage reporting: DSR toolkit service outages are reported by the Data Centre administrator on alerts through the Data Center Monitoring service provided by the client On-Premis private Data Centre or Cloud Monitoring service, presenting email alerts to administrators, for forward notifying to users.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • Limited access network (for example PSN)
  • Username or password
• Access restrictions in management interfaces and support channels: The DSR toolkit service has user access restrictions applied to user accounts to only allow users with management information needs to have privileges for access to management toolset controls and reporting. Role-Based Access Control is established via OAuth, an open standard authorization framework for token -based authorisation. Users can be federated from existing LDAP or Active Directory infrastructure or via locally configured accounts.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • Limited access network (for example PSN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: DSR toolkit service follows the security policies which are prescribed by the department or agency which the DSR service operates within; the Feasibility Study, central to the design and establishment of the service, will establish the security policies to be operated against. The Deployment Plan will indicate the information security policies and processes that are to be followed in that specific installation for that department or agency. The reporting structure, shared across client and service team, will be defined on that case by case basis.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: The DSR toolkit service Change Management process allows the formal requesting, monitoring, tracking, change and testing of changes to the DSR infrastructure and service provision. Commencing with a Requesting For Change (RFC) requirement, change requests are reviewed by client / delivery team stakeholders with test criteria, prioritisation and security assessment, approved if acceptable, and a project task created for developing the changes. On task review and approval, changes are planned and scheduled into a Test Environment build, and on successful test approval, scheduling the implementation of changes to the live service, when the change is closed.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: The DSR toolkit service is vulnerability managed in close cooperation with the department or agency IT and Security teams through an ongoing regular process on identifying, tracking, assessing, reporting , managing and remediating cyber security vulnerabilities across endpoints. department or agency IT and Security teams team will typically use a vulnerability management tool to detect security / threat vulnerabilities and apply in-house processes to remediate them. Relating to the DSR software application, software bugs are reported through the service support chain to the application systems administrator for bug investigation and resolution; immediate or scheduled depending upon severity.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: The DSR toolkit service is protection monitored (pm) to oversee security protection of the service. Working in conjunction with the department or agency client ICT team, the scope of the protective monitoring system is agreed in relation to the delivery of the DSR service. Suitable pm tools are applied and data collected and logged centrally across monitored systems. Real-Time alerts are configured significant critical events and suspicious activities e.g. abnormal user behaviour including login failures, network traffic divergencies and system process anomalies. Detection and response procedures are applied for investigation, escalation and management. Routine security reviews are scheduled.
• Incident management type: Supplier-defined controls
• Incident management approach: The DSR toolkit service is incident managed in conjunction with the department or agency client ICT service support team and utilises the client in-house hosted incident service tool and processes. Typically this provides for Incident Detection, Reporting and Logging, an assessment of impact and severity of the incident and assignment of ownership; either host client or DSR supplier. Investigation and Diagnosis precedes mitigation and/or resolution, with changes to be communicated. Noting changes require review and approval (see Change Management above).

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: Yes
• Connected networks: Public Services Network (PSN)

Social Value

• Social Value:

  Social Value

  Equal opportunity

  Equal opportunity

  The DSR toolkit service ensures equal access to the digital data generated by government agencies and departments, with sensitive information appropriately removed, for submission to the The National Archive, allowing all members of society access as needed, for whatever business they may have, in support of equal opportunities.

Pricing

• Price: £65,000 to £1,200,000 a unit a year
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: A DSR toolkit 90 day trial provides a limited version of the toolset allowing users to experience the product and understand its rich features, capabilities and value before making a decision to procure. The trial is supported by a trial user introduction guide and comes set-up with some demonstration examples.

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at commercial@svgc.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.