Quantexa Ltd

Quantexa Fraud, Intelligence and Optimisation Service

A fraud and intelligence capability that allows customers to upload data, where data quality is assessed, entities are resolved, data is linked into networks, indexed and scored using analytical models for fraud waste and abuse. Users can either download outcomes or interact through a web based investigation and triage tool.


  • Fraud, waste and abuse detection
  • Intelligence generation
  • Entity resolution and single view of citizen or golden record
  • Advanced analytical models / scorecards (including text based analysis)
  • Data Linking and networking (social network analysis)
  • Data quality assessment
  • Investigation interface, network diagrams, search and graphs
  • Pilot or measure the scale of fraud, waste or abuse
  • Many fraud types (procurement, corruption, health, tax, benefits,etc.)
  • Analytics applications beyond fraud - data driven decisions


  • Pilot before production to determine potential benefits
  • Measure the scale of potential fraud, waste or abuse problem
  • Your own staff may have access to create detection models
  • Very advanced capability with analytics on: event, entity and network
  • Easily move from initial pilot into a repeated production service
  • Online / real time scoring capability is available on demand
  • Save money and reduce reputational risk, while increasing efficiency
  • Offers low false positive rates through advanced analytics
  • Transparent risk scores ensure rapid investigation and good adoption
  • Range of deployment options


£26250 to £1750000 per unit per year

Service documents

G-Cloud 9


Quantexa Ltd

Imamul Hoque



Service scope

Service scope
Software add-on or extension No
Cloud deployment model Public cloud
Service constraints Cloud hardware must support Hadoop, Spark and Elastic
System requirements Only relies on open source, but support arrangements may help

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Will depend upon the severity of the issue - highest severity is within 30minutes
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 9 to 5 (UK time), 7 days a week
Web chat support No
Onsite support Yes, at extra cost
Support levels Error Severity Level Response Time Provision of Workaround Provision of Error Correction
1 Critical 30 mins 4 working hours 5 day
2 Serious 60 mins 24 hours 10 days
3 Degraded 2 hours 48 hours 20 days
4 Minimal 1 week Next Update Next Update

A technical account manager can be made available at a cost of £800 per day
Support available to third parties No

Onboarding and offboarding

Onboarding and offboarding
Getting started Onsite training is the preferred option
Service documentation Yes
Documentation formats HTML
End-of-contract data extraction Flat file upon request and purge if required
End-of-contract process The following are included in the price:
Disable user access
One off extract of customer data
Purge of customer data

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 10+
  • Microsoft Edge
  • Chrome
Application to install No
Designed for use on mobile devices No
Accessibility standards None or don’t know
Description of accessibility This will depend upon what features of the service the users will want to use.
Accessibility testing None to date
Customisation available Yes
Description of customisation Scores and interface features can be customised upon request


Independence of resources The system can scale out using public cloud features


Service usage metrics Yes
Metrics types Basic usage metrics are provided in line with the pricing model
Reporting types Regular reports


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations European Economic Area (EEA)
User control over data storage and processing locations Yes
Datacentre security standards Managed by a third party
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest Physical access control, complying with another standard
Data sanitisation process No
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach Via flat file using SFTP or via any web based download interfaces
Data export formats CSV
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability Customers tend to require very different SLA's we do not have a standard agreement
Approach to resilience We use naturally resilient application architectures based on Hadoop Spark and Elastic. All components can be scaled out
Outage reporting Email alerts

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels As well as SSH certificate based ID management, IP address range restriction is also used
Access restriction testing frequency At least once a year
Management access authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security accreditations No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance accreditation No
Security governance approach We rely on the security capability of our underlying hosting partners (typically Amazon, Google or Azure)
Information security policies and processes We are moving towards ISO 270001, we have staff training in data protection, staff vetting upon recruitment, limited access to servers within out cloud environment, awareness of security breach reporting needs

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach All changes within the Devops environment have to pass our head of R&D and are independently approved by our CTO before they are applied to the production environments. major releases of software are penetration tested
Vulnerability management type Supplier-defined controls
Vulnerability management approach We rely upon the vulnerability management provided by our hosting partners: Amazon, Google or Azure. Penetration testing of the software is performed. Patches can be developed, approved and applied in under 4 hours if required
Protective monitoring type Supplier-defined controls
Protective monitoring approach We do not currently have a proactive monitoring in place other than what is provided by Amazon, Google or Azure
Incident management type Supplier-defined controls
Incident management approach We have an in house escalation process:

Problem Escalation

Level Severity 1 Severity 2 Severity 3 Severity 4 Service Level
1 (Problem handler) Immediate Immediate 2 Business Days 4 Business Days 100%
2 (Support manager) Immediate 8 hours 4 Business Days NA 100%
3 (Head of R&D / CTO) 4 hours 24 hours NA NA 100%
4 (CEO) 8 hours 48 hours NA NA 100%

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks No


Price £26250 to £1750000 per unit per year
Discount for educational organisations No
Free trial available No


Pricing document View uploaded document
Skills Framework for the Information Age rate card View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑