Biometric enrolment for identification and visa systems
Flexible and intuitive biometric enrolment for identification and visa systems solution, offering self-service, on demand, pop-up and agent-managed biometric capture. Our biometric system includes facial recognition software providing multi-function biometric capture capabilities, automated ID check and tri-scan of passport documents. Visa system biometric enrolment compliant with biometric data security standards.
- Biometric solution built using high performance biometric system components
- Ten-print fingerprint enabled software security solution, ISO27001 & ISO9001 certified
- Robust and ergonomic biometric system conforming to the equality act
- Case Management System for the collation of biometric data
- Unique record for each applicant, linked to the UAN provided
- Workforce management, Document scanning and Management Information suites
- API includes detection/recognition algorithms optimised for different image types
- API gateway for exchanging biometric capture data with the Authorities
- Biometric system database services with TDE data encryption
- Online Services based on Java, Angular.js and Node.js
- Reliable and Simplified Technology and Process with tailor-made workflow
- Highest control by utilising modular biometric software and configurable parameters
- Accurate ten-print fingerprint biometrics, digital facial images, signature, passport MRZ-data
- High quality biometric peripherals and lighting within Service Points
- Fully compliant with industry standards for biometric data security
- All data is encrypted, both at rest and during transmission
- All biometric capture devices (including portable) have disk encryption
- Core Palo Alto firewalls handling VPN termination
- 24x7 remote monitoring of the online biometric capture devices
- Trusted supplier of biometric systems to the Ministry of Justice
£1.95 to £3.50 per person
- Free trial available
Unilink Software Ltd
020 7036 3810
|Software add-on or extension||No|
|Cloud deployment model||Private cloud|
|Service constraints||The service has been designed to limit constraints, however, the service constraints will be largely dependent upon the client's chosen G-Cloud PaaS Hosting Provider|
|Email or online ticketing support||Email or online ticketing|
|Support response times||1 hour but normally less. Users can log their support calls using the online portal and review their current status. Users cannot change their ticket priority, as this is determined by Unilink. Typically users do not use the online portal, rather they submit issues via email to the 24/7/365 Unilink helpdesk. This results in an improved service as any fault is correctly categorised and therefore resolved more quickly.|
|User can manage status and priority of support tickets||No|
|Phone support availability||24 hours, 7 days a week|
|Web chat support||Web chat|
|Web chat support availability||24 hours, 7 days a week|
|Web chat support accessibility standard||WCAG 2.1 A|
|Web chat accessibility testing||Chat testing was performed during the development stage and continually refined through user feedback from over 60 successful deployments.|
|Onsite support||Onsite support|
Service Support is offered through UK-based security cleared staff working within a ITILv3 Service Support model.
Service Level Agreements are negotiated directly with Unilink to achieve customer objectives of service availability, recovery time and backup objectives.
The Unilink Service Desk is the principal point of contact for all service users. Unilink currently provides ITIL aligned support services to Sodexo, Serco, G4S, Hampshire Constabulary and several other Police Forces, working closely alongside other outsourced Service Providers. This functional service is responsible for the Incident Management process and is also a key communications point for receiving and disseminating operational information to Unilink’s customers. Unilink is very experienced in working alongside customer Change and Release teams to deliver a seamless managed Service.
Support is provided through a combination of Service desk, Email, Phone, Live chat and Onsite.
“Unilink’s support has been second to none….I wouldn’t have any hesitation in recommending Unilink” – Ian Malkin, Security Key Advisory
|Support available to third parties||Yes|
Onboarding and offboarding
The service is designed so that the on-boarding of customers can be completed within two or three months of the commencement date. The technical installation can be completed in a few days but it is the services, training, planning and infrastructure development that takes the time.
In addition to standard training and documentation, online hosted videos describing CMS are available over WebEx or over Unilink’s YouTube channel. With each establishment implementation, Unilink also provides chargeable onsite training to meet standard customer needs.
Consumers are required to: Provide code Lists and other configuration information for on-boarding; Set up information sharing agreements with third parties for data feeds. Work with Unilink to achieve necessary security accreditation objectives.
|End-of-contract data extraction||At any stage, user representatives are able to download case information to local storage and archive.|
|End-of-contract process||The service can be terminated with one month’s notice. Hosting charges would be dependent on the length of time that data is retained on the Hosting Service. On notification, Unilink, in conjunction with the G-Cloud PaaS Hosting Provider, will delete, purge and destroy all information from the application and permanently remove it. At any stage, user representatives are able to download case information to local storage and archive. There are no termination costs.|
Using the service
|Web browser interface||Yes|
|Application to install||Yes|
|Compatible operating systems||
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||The service has been optimised for mobile, desktop and secure kiosks|
|Accessibility standards||WCAG 2.1 A|
|Accessibility testing||The service was tested at design stage and has been continually refined based on feedback from over 60 successful deployments.|
|What users can and can't do using the API||
Outline API functionality:
Automatic creation of the prisoner record in CMS Reception once the prisoner has been admitted in NOMIS to the relevant prison
Automatic discharging of the prisoner record from CMS Reception once the prisoner has been discharged in NOMIS from the relevant prison
Real time finance transaction interface; all NOMIS transactions transferred to CMS in real time. Canteen spends and canteen refunds in CMS transferred to NOMIS in real time
Prisoner employment pay amounts are transferred from CMS to NOMIS in real time
Adjudication punishments (loss of canteen and loss of earnings) from CMS to NOMIS in real time
IEP level and personal officer information imported from NOMIS in real time and displayed in CMS self-service kiosk..
API functionality enables:
On-boarding of live roll from PNOMIS when a new Digital Prison in brought on line.
Live roll information will be updated from PNOMIS to CMS (including events, alerts, residence, IEP, Responsible Officer).
Any finance account information changed/updated on PNOMIS will update account information held on CMS.
Any canteen spends on CMS will update/change financial balance on PNOMIS.
Any pay related scheduling (i.e. paying a prison for work) will be pushed back to PNOMIS to update their financial balance.
|API documentation formats|
|API sandbox or test environment||Yes|
|Description of customisation||
Every implementation is customised to ensure that it dovetails with each client's site-specific processes and procedures.
The Visits System is fully configurable and allows creation of custom visits rules to match establishment visit requirements. Some of these configurable features are:
Nominal and visitor warnings which prevent inappropriate visits from being booked e.g. for child protection. For instance, the system will not allow a visit to be booked with an approved child visitor unaccompanied by their guardian. The age below which one is considered a child can be set by the establishment.
Ability to ban or approve visitors, either individually or globally.
Allows definition of prohibited and allowed visitor property
Information on booked visits can be displayed to the security and visits officer at the visits gate and visits hall, as well as in the visits reception on visitor entry. The system has a fully searchable database with an integrated report writing tool, enabling intelligence gathering on detainees and visitors.
|Independence of resources||
The service has been carefully architected with planned scaleability to ensure that users are not affected by the demand that other users are placing on the service.
The product is widely used with over a billion transactions alone; one site alone does more than a million detainee transactions per month. Hence, the product is well-tested, reliable and has been continuously developed since 2007.
|Service usage metrics||Yes|
|Metrics types||Service Metrics can be provided to clients based on their specific requirements|
|Supplier type||Not a reseller|
|Staff security clearance||Conforms to BS7858:2012|
|Government security clearance||Up to Security Clearance (SC)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||United Kingdom|
|User control over data storage and processing locations||No|
|Datacentre security standards||Complies with a recognised standard (for example CSA CCM version 3.0)|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||‘IT Health Check’ performed by a CHECK service provider|
|Protecting data at rest||
|Other data at rest protection approach||
Secure containers, racks or cages
|Data sanitisation process||Yes|
|Data sanitisation type||
|Equipment disposal approach||Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001|
Data importing and exporting
|Data export approach||At any stage, user representatives are able to download case information to local storage and archive.|
|Data export formats||Other|
|Other data export formats||User defined|
|Data import formats||Other|
|Other data import formats||User defined|
|Data protection between buyer and supplier networks||
|Data protection within supplier network||
Availability and resilience
|Guaranteed availability||99.99% Availability. Service Level Agreements are negotiated directly with Unilink to achieve customer objectives of service availability, recovery time and backup objectives. Financial Recompense Models covering the circumstances in which Service Levels are not met are negotiated directly with Unilink.|
|Approach to resilience||G-Cloud PaaS Hosting Providers will provide Backup and Restore Services at the Centre /Agency level. These arrangements will be negotiated and captured within Service Level Agreements. Further, G-Cloud PaaS Hosting Providers will be required to provide Disaster Recovery Services. Again, these arrangements will have to be negotiated and captured within Service Level Agreements. Unilink is an ISO27001 and 9001 accredited organisation and has full continuity management plans which have been independently audited. The company operates out of two available secure premises with redundancy built into systems, infrastructure and staffing. In the event of any disaster, Unilink will be fully operational within 24 hours. Further information is available on request.|
|Outage reporting||Service outage reports are provided via both a public dashboard and email alerts.|
Identity and authentication
|User authentication needed||Yes|
|Access restrictions in management interfaces and support channels||
User access control within management interfaces and Administrator permissions are subjected to the following identity and authentication controls:
Username and two-factor authentication
Limited access over dedicated link, enterprise or community network
Username and strong password/passphrase enforcement
|Access restriction testing frequency||At least once a year|
|Management access authentication||
Audit information for users
|Access to user activity audit information||Users have access to real-time audit information|
|How long user audit data is stored for||User-defined|
|Access to supplier activity audit information||Users receive audit information on a regular basis|
|How long supplier audit data is stored for||At least 12 months|
|How long system logs are stored for||At least 12 months|
Standards and certifications
|ISO/IEC 27001 certification||Yes|
|Who accredited the ISO/IEC 27001||BSI|
|ISO/IEC 27001 accreditation date||08/07/2017|
|What the ISO/IEC 27001 doesn’t cover||Both the company and the Digital Marketplace Services are covered within the scope of our ISO/IEC 27001 accreditation|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||No|
|Named board-level person responsible for service security||Yes|
|Security governance certified||Yes|
|Security governance standards||ISO/IEC 27001|
|Information security policies and processes||Unilink is ISO 27001 and 9001 certified and is audited by BSI. Our services are designed to manage data at the IL3 level, and as a result require hosting in an appropriately accredited G-Cloud PaaS Data Centre. For example, the service can be securely hosted by SunGard or UKCloud, or other hosting partners with whom Unilink has relationships. Unilink’s test and development networks are accredited to IL3 level and can hold production data for a temporary period on a secure network. Data is destroyed after use, using approved procedures and protocols. All support and development staff are SC cleared, BD staff are cleared to CTC and the Unilink offices in Hampshire and London are physically secure and audited.|
|Configuration and change management standard||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Configuration and change management approach||Unilink is an ISO 27001 accredited company that uses ITIL change management processes.|
|Vulnerability management type||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Vulnerability management approach||Unilink employs independent security consultants and work closely with supply chain partners such as Microsoft and Cisco to assess potential threats and implement mitigation measures including emergency patch deployment where advised to do so.|
|Protective monitoring type||Supplier-defined controls|
|Protective monitoring approach||Protective monitoring processes are defined in conjunction with the client to take into account their security controls|
|Incident management type||Supplier-defined controls|
|Incident management approach||
Security Incidents may be reported to our help desk (Service Desk) via Vendors, Customers or in-house staff. Incidents are then categorised (event severity and priority). Significant or severe events are escalated to the Service Desk Manager and are continually reported on until resolution.
Post incident reports are made available to clients within 24hrs.
|Approach to secure software development best practice||Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)|
Public sector networks
|Connection to public sector networks||Yes|
|Other public sector networks||Other|
|Price||£1.95 to £3.50 per person|
|Discount for educational organisations||No|
|Free trial available||Yes|
|Description of free trial||The service is available for up to six months free of charge to one establishment for use on a trial basis. All such trials are individually discussed due to the operational implications.|