Phonehub IO Ltd

Prison Video "Virtual Visits"

Prison Video is a secure purpose-built video call system enabling fully-monitored "virtual visits" between prisoners and approved contacts, either social or professional.


  • Real-time high-quality secure video calls for prisoners
  • Live monitoring, recording, and control interface for prison staff
  • ID verification of external parties
  • Voice analysis with participant age and stress detection
  • One-way video option for high-risk/notorious prisoners
  • Accessible on mobile device at pre-approved locations
  • Integrated video call booking system
  • Secure locked-down tablets for use within prison
  • Secure short-range wifi network with secure routers
  • Can be integrated with existing prison systems


  • Enables enhanced communication for families who are unable to visit
  • Can be used with offender managers, solicitors, medical consultations
  • Calls can be controlled and monitored by staff where appropriate
  • Highly flexible and customisable to meet specific security needs
  • Minimal cost to prison, low resource-requirement
  • Intelligent monitoring automatically flags issues for monitoring staff
  • Monitoring staff can efficiently monitor multiple calls simultaneously
  • Integrated booking system automatically schedules calls
  • Strengthens family ties in line with the Farmer Review recommendations
  • Affordable for families and legal contacts


£0 to £20000 per licence per year

Service documents

G-Cloud 11


Phonehub IO Ltd

Kieran Ball


Service scope

Service scope
Software add-on or extension No
Cloud deployment model Hybrid cloud
Service constraints None
System requirements
  • Compatible with most Android and iOS devices for external user.
  • Monitoring system uses web interface on PC or laptop (supplied).
  • Prisoners use locked-down secure Android tablets (supplied).

User support

User support
Email or online ticketing support Email or online ticketing
Support response times During normal business hours we aim to respond within 2 hours.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), 7 days a week
Web chat support No
Onsite support Yes, at extra cost
Support levels Phone and email support goes directly to senior management within our team. All queries responded to rapidly. Technical support available within similar timeframes.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Onsite installation and training is provided for prison staff and management. Detailed documentation is included for reference, including training videos.
Documentation and instruction materials are provided for end users, including video guides.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction Prison staff can, if required, extract data on video calls, including recordings, via the monitoring interface.
End-of-contract process Equipment not owned by prison is returned to the supplier. Mobile app functionality is disabled for that prison.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Firefox
  • Chrome
Application to install Yes
Compatible operating systems
  • Android
  • IOS
  • Linux or Unix
  • MacOS
  • Windows
Designed for use on mobile devices Yes
Differences between the mobile and desktop service Professional users can use the service from their work laptops. Social users can access it from their mobile device via an app. Both methods are similar in user experience.
Customisation available Yes
Description of customisation Prison Video can be customised on an individual establishment basis or an individual prisoner basis. High-risk populations such as sex offenders may have additional restrictions applied, including participant age detection and flagging, enhanced identification requirements, additional terms-of-use agreements at either end, and one-way video feeds. High-risk prisoners may also have customised restrictions in place. Restrictions can be managed by prison staff.


Independence of resources The nature of cloud software means that the service capability grows as the user base grows. All hardware and network connections are chosen to be highly scalable.


Service usage metrics Yes
Metrics types Number and duration of video calls by time period.
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Staff screening not performed
Government security clearance Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency Less than once a year
Penetration testing approach In-house
Protecting data at rest Other
Other data at rest protection approach Devices used within prison have full-disk encryption.
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach In-house destruction process

Data importing and exporting

Data importing and exporting
Data export approach Prison staff can export video recordings and data from the monitoring interface.
Data export formats
  • CSV
  • Other
Other data export formats
  • Video files.e.g MP4
  • Audio files
Data import formats Other
Other data import formats N/A

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Availability and resilience
Guaranteed availability Users are refunded if the service does not function as promoted through a fault of the service provider.
Approach to resilience Available on request.
Outage reporting Email alerts.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication 2-factor authentication
Access restrictions in management interfaces and support channels Two-factor authentication required to access management interfaces and support interfaces.
Access restriction testing frequency At least once a year
Management access authentication Identity federation with existing provider (for example Google Apps)

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification Yes
Who accredited the PCI DSS certification Security Metrics
PCI DSS accreditation date 18/02/2016
What the PCI DSS doesn’t cover N/A
Other security certifications Yes
Any other security certifications
  • Cyber Essentials
  • Penetration tested by a GCHQ approved CHECK Certified company

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach Information available upon request.
Information security policies and processes Information available upon request.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach All changes to our applications and environment are conducted iteratively and tested on in-house staging environment and are shared amongst all staff including entire development team and directors before implementing in live environment to ensure relevant concerns are addressed. Changes are then deployed to small batches of users for testing before being rolled-out globally.
Vulnerability management type Supplier-defined controls
Vulnerability management approach For known product vulnerabilities we regularly apply all operating system and software updates.
Protective monitoring type Supplier-defined controls
Protective monitoring approach We detect attempts to exploit known vulnerabilities and blacklist and profile all other traffic from the same source on the basis it could represent a 'zero day' attack. We use an automatic adaptive vulnerability management system which identifies failing requests to access our service, profiles them, and automatically screens them.
Incident management type Supplier-defined controls
Incident management approach We have automated monitoring systems to detect when any of our services go offline which alert engineering team via SMS and email. Our systems are continuously being improved to remove the causes of any recurring issues.
Users can report incidents by email, SMS, or phone.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks No


Price £0 to £20000 per licence per year
Discount for educational organisations No
Free trial available No

Service documents

pdf document: Pricing document pdf document: Terms and conditions
Service documents
Return to top ↑