Clearview

infoboss data management

The infoboss data management software platform provides a means to collect, organise and categorise data from multiple sources into a central repository, providing data governance, quality, GDPR compliance, audit, alerting and advanced search capabilities.

Built on Elastic Search, the platform is scalable, quick to setup and very easy to use.

Features

  • Collect structured and unstructured data into one repository
  • Automated personal data categorisation, redaction and anonymisation on load
  • Interfaces to multiple data sources: e.g. databases, email, documents
  • Comprehensive audit logging and monitoring
  • Messaging API for custom interfaces
  • Simple search-engine based query and data analysis
  • Massively scalable using Elastic Search technology
  • Automate quality and compliance rules on data load
  • Control and audit data flows to external systems and partners
  • Alert stakeholders whenever an exception occurs

Benefits

  • Rapid ROI: simple setup and configuration with minimal training required
  • Deploy to private cloud or on-premise
  • Embed GDPR data protection by design and other compliance requirements
  • Improve the quality of data from data collection to analysis
  • Produce redacted GDPR data subject access request data reports
  • Easily integrate to and from other systems using APIs
  • Process data from databases, document folders, email systems and more
  • Easy to use even for non-technical people
  • Enforce GDPR data retention strategies and other compliance rules
  • Discover and act on data anomalies as they happen

Pricing

£1197 per instance per month

  • Education pricing available
  • Free trial available

Service documents

Framework

G-Cloud 11

Service ID

1 4 2 3 0 1 4 2 6 0 9 4 0 5 3

Contact

Clearview

Nicky Hawkins

01905 679810

nicky.hawkins@clearviewbusiness.com

Service scope

Software add-on or extension
No
Cloud deployment model
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
Service constraints
None.
System requirements
None.

User support

Email or online ticketing support
Email or online ticketing
Support response times
Within 8 hours business working days 9am to 5pm. There is no weekend service in the standard support offer, but can be contracted for separately.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Web chat
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
None or don’t know
How the web chat support is accessible
Users can obtain support and chat with help desk personnel. They can also raise support incidents.
Web chat accessibility testing
None.
Onsite support
Yes, at extra cost
Support levels
The Clearview Support (help desk) Team provides a phone, online chat and email support service that operates a risk-based triage process to enable an agreed prioritisation for all support requests. This is based on the impact to the client and also the severity of the issue as defined by the customer reporting the issue. This risk assessment will produce a priority level that informs the resolution plan. Software issues (e.g. bugs, defects, requests for change) are reviewed and verified by the product and service teams. Once reviewed, the issue is given a severity which controls the time of a resolution.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Once we commission your software environment for you, we provide full on-site training and consultancy on the configuration and use of the system. This training is normally sufficient to enable users of the system to immediately become productive using it.
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
The system has a CSV export that can be used to easily export data from the system in a structured format. Custom bulk downloads in other formats can also be provided on a time and materials basis.
End-of-contract process
The customer can export the data themselves using the CSV extract format. All other bespoke data extracts are chargeable.

Once data has been extracted prior to the end of the contract, the service is then decommissioned and the data securely removed.

Using the service

Web browser interface
Yes
Supported browsers
  • Microsoft Edge
  • Chrome
Application to install
No
Designed for use on mobile devices
No
Service interface
No
API
Yes
What users can and can't do using the API
The API is used for the import and export of data to and from the system.
It utilises the RabbitMQ messaging technology for this purpose.

Other techniques for importing data are supported such as native database drivers, document folder parsers, CSV file handlers, email system parsers and custom application API gateways such as those available via social media platforms and other SaaS based applications.

Simple export mechanisms via CSV extracts are also supported.
API documentation
Yes
API documentation formats
PDF
API sandbox or test environment
No
Customisation available
Yes
Description of customisation
Infoboss is a toolkit for collecting data and running rules against that data. The data collectors can be configured to run to a schedule to constantly ingest data into the system and automate the categorisation, redaction and anonymisation of the data on load. The rules for this along with rules for quality checking, data retention and adherence to data subject rights are all configurable.

The system can be trained to monitor and report on data patterns and anomalies as they happen.

Scaling

Independence of resources
Each customer has their own virtual server environment. The software supports single node or clustered deployments. The latter affording the customer enhanced performance and resilience.

Analytics

Service usage metrics
Yes
Metrics types
A full system audit log is maintained for logins and system updates. This is accessible for all users with appropriate rights from within the software.
Reporting types
Regular reports

Resellers

Supplier type
Reseller providing extra features and support
Organisation whose services are being resold
Infoboss Limited

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
European Economic Area (EEA)
User control over data storage and processing locations
Yes
Datacentre security standards
Managed by a third party
Penetration testing frequency
Less than once a year
Penetration testing approach
In-house
Protecting data at rest
Other
Other data at rest protection approach
All data that is kept in storage or backups/archives are encrypted using Azure's 256-bit AES encryption.
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
There are a variety of ways of users exporting data from the system. The most popular is to use the various views configured within the system to export the data to CSV format for use within third party reporting tools.

Within the system screens can be cut and pasted to desktop productivity applications such as MS Excel, but also reports can be exported to MS Excel and PDF (and in some cases MS Word).
Data export formats
CSV
Data import formats
  • CSV
  • Other
Other data import formats
Any custom import formats are available but would be chargeable.

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Guaranteed availability
Microsoft (Azure platform) guarantees external connectivity at least 99.95% of the time.
Approach to resilience
Microsoft Azure instances are stored in a regional data centre. This means that the data is stored in either the North or Western Europe region (North = Ireland, West = Netherlands) as a primary location. The servers are then replicated to the other regional data centres so that in the event of a failure or disaster, the servers will be available from the backup location.

UK data centre locations are also available.
Outage reporting
Outages are reported to our internal Azure dashboard and also emailed to our support teams for action.

Identity and authentication

User authentication needed
Yes
User authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
Access restrictions in management interfaces and support channels
Only users that have been setup with a unique username and password within the software can log into the system. Login attempts are stored in the audit logs within the software and only authenticated users can access the system.
Access to the administration settings within the application is limited to the system administrator. Other users can only access settings and services allowed by the administrator.
Access restriction testing frequency
At least every 6 months
Management access authentication
Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
ISO Quality Services Limited
ISO/IEC 27001 accreditation date
13/11/2014
What the ISO/IEC 27001 doesn’t cover
Not applicable. All aspects of the service delivery are covered.
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
Clearview are ISO 27001 certificated and independently audited annually to ensure continued compliance with this standard.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
Clearview host virtual servers in the Microsoft Azure network. All virtual servers are built from a basic template with only the required ports and services available. Once the Clearview software is installed on the virtual server, the remaining ports and services are then enabled for the software to function. This configuration keeps risk of attack to a minimum. Clearview regularly reviews service performance and reviews recommendations arising from monitoring of the virtual servers. Any issues arising are developed into an action plan and delivery tracked through our own action management software.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Clearview employee a third-party Microsoft Azure specialist company to monitor the virtual servers hosted in the Microsoft Azure network. The third-party company assess and monitor the servers for vulnerabilities and operating system patch management. This is reported back to Clearview through regular meetings, email notifications and support ticketing systems. New virtual servers are deployed with the latest operating system security updates and hot fixes along withthe latest versions of the Clearview software.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Clearview outsource the monitoring of the Azure servers to a third-party Microsoft Azure specialist company who proactively monitor the servers.
If an issue is identified the following broad process is followed.
- identification
- Containment - ensuring data is safe
- Eradication
- Recovery - includes application of fixes
- Lessons learned.
Alerting of an issue may happen straight away. The response is then governed by the support SLA which is within a working day.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Clearview outsource the monitoring of the Azure server to a third-party Microsoft Azure specialist company who have their own incident management process. This essentially flows as below...
- identification
- Containment - ensuring data is safe
- Eradication
- Recovery - includes application of fixes
- Lessons learned.
Users report incidents via our help desk and for all user reported incidents a full report is provided at the end of the process. Whilst in progress updates on current status is provided via the help desk.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
No

Pricing

Price
£1197 per instance per month
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
Demonstration system and data available via a public cloud service. With supporting notes to explain how to use. Trial available for one month.

Service documents

Return to top ↑