Research Innovations Incorporated

PRIISM Decision Advantage Platform

PRIISM is a data centric, Information platform that allows teams to cohere, coordinate, synchronise, and deconflict all forms of activity across domains and in the Information Environment. Customisable capabilities allow users to create visualisations to inform decision making and support collaborative working.

Features

• Collaborative working across the organisation to reach the common objective
• Real time analytics in support of decision making
• Integrators provide business intelligence analysis to support use cases
• Information environment analysis using scalable data analytics
• Self configurable composable workspaces provide data visualisations against user need
• User composable dashboards provide reporting capabilities for all.
• Real time reporting
• Audience analysis
• Planning and Assessment
• Monitoring and Evaluation

Benefits

• Streamline existing workflow processes
• The ways and means to cohere campaigns, operations and missions
• Understand and analyse the flow of knowledge, information and data
• Develop automated workflow using our collaborative mission manager data models
• Enabling a more effective and efficient approach to staff work
• Facilitates collaboration, planning and assessment to visualise and support Activities.
• Creating a Common Operating Picture and create situational awareness
• Improved Business as Usual processes enabling better timely decisions
• Provide operational records for historical analysis
• Monitor and evaluate campaigns

£1,287,789 a unit

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at GCloudTeam@researchinnovations-uk.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

951975431563653

Contact

Mr Ben Schleis
+447459963964
GCloudTeam@researchinnovations-uk.com

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
• Service constraints: PRIISM has no service scope limitation. PRIISM capability is deployed in a fashion to support execution 24/7, 365 days per year. Performance is proven on major applications running on UK MOD, US DoD and HMS networks. Downtime for updates are scheduled with the customer to minimise any operational impact. Specific service level agreements (SLAs) are negotiated as part of a customer award.
• System requirements: Ability to cloud host within Five Eye Country

User support

• Email or online ticketing support: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Onsite support
• Support levels: User Support activities and training is conducted by the full time embedded integration lead. This is included in the pricing. Through customised sessions designed around the needs of the training audience, formal scheduled events, informal specialised training and persistent mentorship through day-to-day interaction with the embedded operation integration Subject Matter Expert (SME). Integrators will be assigned to the organisation and available 9-5 5 days a week. SMEs will be proficient in all aspects of PRIISM and provide the organisation lead user with dedicated business analysis support, to develop coherent workflow processes and executed against specific operational output.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: RII has extensive experience training users on the PRIISM-CMM platform. To date, RII has provided training to more than ten thousand users globally via classroom, one-on-one, and through remote training. RII has developed workflow and methodology focused training in a variety of formats. The training line of effort will support the organisation and other relevant stakeholder-users via the delivery of effective, task-focused training.; RII will support user training via four mechanisms:; Formal, scheduled training sessions focused on primary system functions, workflows, and analyst tasks.; Informal, specialised virtual training in support of key user, out-of-cycle on-boarding.; Consistent and persistent user mentorship, over-the-shoulder training via the Integrator.; Online training based on our integrated, online training library.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
  • Other
• Other documentation formats: Microsoft Office Word and PowerPoint
• End-of-contract data extraction: Data will be provided to the authority in usable CSV format for transfer or destruction. All data is owned by the authority. RII do not claim ownership to any data created or stored by the users or authority
• End-of-contract process: At the end of the contract, RII will make available Excel spreadsheet exports of user generated OAI content developed by the UK users. These Excel sheets will contain the final state of all user-generated objects that exist in the system at that time. In accordance with the third-party provider licences, RII will also make available zip files containing XML files with any PAI that exists in the system at the time that it was collected during contract performance.; Further, pursuant to associated Schedule Contractor’s Commercially Sensitive Information Form (IAW Condition 13) for the contract, all RII Intellectual Property and related proprietary information (such as Training Material and Data Standard Operating Procedures [SOP]) shall be returned to RII, destroyed, or disabled upon RII request at the conclusion of the contract performance period.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
  • Linux or Unix
  • MacOS
  • Windows
• Designed for use on mobile devices: No
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: As part of the existing PRIISM capabilities, the Composable Workspace capability provides operators, planners, and analysts the ability to define and adjust dashboards to view and analyse data they have permission to view. Our Workspaces provide users with the ability to specify “what data they want to view,” and “how they want to view it.” This user interaction pattern, paired with temporal, geospatial, and quantitative visualisations provide users significant flexibility in viewing and understanding key elements of data. Workspaces can be created for short term research, or setup as enduring dashboards that focus on a topic to support decision making.
• Accessibility standards: None or don’t know
• Description of accessibility: The service is available via a web based browser.
• Accessibility testing: No testing has taken place to date.
• API: Yes
• What users can and can't do using the API: User access PRIISM through web browsers. Our service does have API services, that enables, external data feeds for Information Environmentation analysis, using traditional and social media. The API is not directly accessible by end users. Users cannot configure APIs but can query external data from their composable workspaces.
• API documentation: Yes
• API documentation formats: PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: User can customise the User Interface creating their own personalised dashboard for their reporting and / or analysis needs. Our composable workspaces comes with an array of components to support the user. Our no code / low code functionality allows users to query their data as needed against a multitude of characteristics and strategies.

Scaling

• Independence of resources: System is scaled based upon user demand and initial user base plan (75 or 250) this will scaled up or down depending on use cases and demand. Concurrent users will also be scaled based upon demand.

Analytics

• Service usage metrics: Yes
• Metrics types: RII can provide the authority with analytics demonstrating usage of system down to the user level. Logs can be provided as requested. We can also provide user analysis reporting on request or regularly with status reports.
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest: Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: User can freely export data via the user interface managers.
• Data export formats:
  • CSV
  • Other
• Other data export formats: Microsoft Excel
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • Microsoft Excel
  • Word Documents
  • PowerPoint

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
• Other protection between networks: PRIISM utilizes the Public Key Infrastructure for all internal and external connections and only permits users to access the system by presenting a client certificate. This certificate is in the form “soft-cert” Private Key Infrastructure (PKI) certificate. All internal communications are also secured using TLS and integrates into the hosting site's security architecture.
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
• Other protection within supplier network: We deploy reverse proxy.

Availability and resilience

• Guaranteed availability: Our help desk service will provide the user access to support, user interface administration, configuration, trouble reporting, issue resolution, and maintain a log of all end-user engagements. The data captured by the help desk is critical for the overall systems engineering and as such is an integrated part of the engineering environment and used to drive decisions on sustainment priorities, data acquisition, analytics and the near-term use-case focus of the program, and the Integrator’s overall focus. The help desk will support response criteria defined in the SLA. This is available upon request and further negotiated during the pre-award phase.
• Approach to resilience: This will be provided to the authority via secure means and is available upon request.
• Outage reporting: Integration leads can access internal dashboards that alert to issues within the system, from their continuity process begins, users and IL will replicate issues and then Ils will report them to the appropriate department for action.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
  • Other
• Other user authentication: User must first access their organisations hardware through designated identity access management. RII will either issue soft certificate to ID users and their access or employ secondary keyclock user name and password.
• Access restrictions in management interfaces and support channels: We user PRIISMs Team Access Manger (TAM) this allows us to give or remove permissions on a user by user basis, we can assign roles and groups to users to enabled by our rules based access controls.
• Access restriction testing frequency: At least every 6 months
• Management access authentication: Public key authentication (including by TLS client certificate)

Audit information for users

• Access to user activity audit information: Users receive audit information on a regular basis
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users receive audit information on a regular basis
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications:
  • Working toward CE+
  • NIST 8570.01 – Information Assurance Workforce Improvement Program
  • NIST SP 800-53 - Security and Privacy Controls
  • Defence Federal Acquisition Regulations Supplement (DFARS) clause 252.204- 7012
  • NIST-SP 800-171 - Protecting CUI in Nonfederal Systems and Organizations
  • Defence Information Security Agency (DISA)- Security Technical Implementation Guides (STIGs)

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: NIST 8570.; NIST SP 800-53.; NIST SP 800-171.; Joint Service Publications 604 & 440.
• Information security policies and processes: RII is committed to working with the customer to obtain a baseline level accreditation according to that organisation's standards and protocols. In the UK RII is compliant and up to date with:; Cyber Essentials.; Cyber Essentials Plus.; UK MOD Joint Service Publications 604 and 440, whilst working toward the new Secure by Design assurance protocols. ; In addition to specific UK assurances, Internationally RII is compliant with: ; NIST 8570.01 and NIST SP 800-53 Rev. 5.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: We track the top level components of the system using three digit semantic versioning. Releases contain a manifest which includes provenance and integrity information. Releases are immutable and stored in perpetuity. All sub-components contain explicit dependencies (no ranges). Build processes used to produce artifacts are semantically versioned and stored in perpetuity. Dependencies are continuously scanned against emerging vulnerabilities. Changes to the software or changes to the dependencies go through a peer review process which assesses the security impact of the changes. Changes are scanned using static code analysis and software composition analysis prior to release to assess security impact.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: RII uses a number of automated processes to assess potential threads to our services. Further, we routinely review vendor websites for security notices. We use the CVSSv3.1 score and mitigating circumstances to determine patch timelines. In the event of a severe exploit, all systems are patched ASAP. Alternatively, we deploy less severe security patches based on a rolling 1 to 2 week security patch cycle.
• Protective monitoring type: Undisclosed
• Protective monitoring approach: RII follows the procedures prescribed by the hosting environment. These tools are mostly provided by Cloud Service Providers to monitor the hosting environment.
• Incident management type: Supplier-defined controls
• Incident management approach: We capture all incidents and their response in our Confluence site. We utilize this as a body of knowledge for incident response going forward. Further, we routinely perform after action reports (AAR)s for new incidents to refine the response process going forward. In the case of an incident affecting numerous users, incident responses are provided to the community in the form of an incident report. Users report incidents through their integrators for potentially immediate resolution. Incidents that cannot be resolved by the integrator are escalated to a production operations support staff and then back to factory for remediation.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  We place a strong emphasis on sustainability across all our operations. Our office spaces are powered by renewable energy sources, reducing our carbon footprint. We actively encourage the use of subsidised public transport among our employees to further minimise environmental impact. These efforts are part of our commitment to leaving a healthier planet for future generations.; Our commitment to environmental sustainability goes beyond our immediate operations. We strive to implement eco-friendly practices throughout our supply chain. This includes working with suppliers who share our values and prioritise sustainability in their production processes. By promoting sustainable practices across our network, we aim to create a ripple effect of positive impact on the environment.

  Covid-19 recovery

  RII is committed to supporting the workforce COVID-19 recovery. As such we support a hybrid working structure that encourages employees to work from home where possible, in addition RII has set up a working from home fund to support employees purchasing office equipment that enables this hybrid pattern.

  Tackling economic inequality

  At RII, we recognize the power of diversity in driving innovation and fostering an inclusive culture. Our workforce reflects a rich tapestry of backgrounds, experiences, and perspectives. This diversity enables us to better understand and meet the varied needs of our clients and communities.; We actively promote diversity through recruitment practices that focus on inclusivity and equal opportunity. Our partnerships with organisations such as Women in Tech and our signing of the Armed Forces Covenant demonstrate our commitment to increasing diversity within our organisation and the wider community. By fostering a culture of inclusion, we create an environment where every voice is heard and valued. RII upholds the highest standards of transparency, honesty, and accountability in all our interactions. Our commitment to ethical business practices extends to our clients, suppliers, employees, and stakeholders.; We ensure that our trading practices are ethical, our sourcing is responsible, and we actively work to prevent modern slavery and human trafficking both within our organisation and throughout our supply chain. Our ethical sourcing policies include rigorous vetting of suppliers, ensuring fair labour practices, and promoting sustainable production methods.; In addition to our internal policies, we engage with industry organisations and government bodies to advocate for ethical business practices. We participate in forums and conferences to share best practices and collaborate on initiatives that promote transparency and accountability in the business sector.

  Equal opportunity

  Diversity and Inclusion: We believe in the power of diversity to drive innovation and foster a culture of inclusion. Our workforce reflects a range of backgrounds, experiences, and perspectives, ensuring that we can better understand and serve the diverse needs of our clients and communities. We have actively taken steps to support industry events such as Women In Tech, and proudly signed the Armed Forces Covenant, to further demonstrate active steps to increasing the diversity of our organisation. Community Engagement: We are invested in the communities where we operate. Through strategic partnerships and charitable donations we have supported the widening of sports participation in the Armed Forces. Throughout the year our employees are encouraged and supported to participate in charitable events that support the communities and causes they care about.; Ethical Business Practices: We adhere to the highest standards of transparency, honesty, and accountability in our interactions with clients, suppliers, employees, and other stakeholders. RII ensures that we trade ethically, source responsibly, and work to prevent modern slavery and human trafficking throughout our organisation and in our supply chain.

  Wellbeing

  RII is committed to its employees wellness, providing a multitude of benefits that support physical, mental and social wellbeing. From private healthcare which include mental health support and treatment to access to services such as 'Headspace' to promoting fitness challenges across the workforce. RII is committed and encourages and active, healthy lifestyle and positive work life balance.

Pricing

• Price: £1,287,789 a unit
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at GCloudTeam@researchinnovations-uk.com. Tell them what format you need. It will help if you say what assistive technology you use.