Phonio UK Ltd (Telio)

Controllable Secure Digital Services for Inmates

Next Innovative Operation (NIO) is a secure and controlled unique user interface for inmates. This interface will take your prison administration to the next level. It supports the correctional staff in optimising their daily operations and also gives inmates more control of their own learning, communication and social interactions.

Features

  • Open platform to enable controlled TV and radio streaming
  • Secure and controlled e-mail and messaging
  • Documents portal (Intranet)
  • Digital request and complaints processing
  • Secure internet browsing (restricted access to approved sites)
  • Voice telephony interface
  • Prison announcements
  • Open platform capable of hosting e-learning content (HTML 5)
  • Administration features
  • Open platform for approved third party applications.

Benefits

  • Inmates engaging in meaningful activities reduces stress inside the prison
  • Communication makes it easier to keep contact with relatives
  • Distribute every kind of document to the inmates
  • Digitalisation of processes reduces paper handling and increases staff efficiency
  • Permitted and restricted website lists managed by staff
  • Secure and controllable communication with permitted contacts
  • Announcements can be sent to one, many or all inmates
  • Easy administration by prison staff
  • E-learning opportunities contribute to re-integration on release
  • Prepare for release by searching for accomodation, employment et cetera

Pricing

£0.87 per device per day

  • Free trial available

Service documents

G-Cloud 10

530192540790185

Phonio UK Ltd (Telio)

Jim Mountain

+4915251920318

jim.mountain@tel.io

Service scope

Service scope
Software add-on or extension Yes, but can also be used as a standalone service
What software services is the service an extension to Secure Inmate Telephony which is also available in G-CLOUD. On the end user hardware of NIO a softphone application can be installed for telephony.
NIO is an open platform hosting applications and content from any source when approved by the customer.
Cloud deployment model Private cloud
Service constraints The NIO platform is specifically designed to address the security and administrative requirements of the detention environment. This includes prisons, forensic treatment establishments, youth corrections, et cetera. The service can operate on COAX or Ethernet networks
System requirements None - NIO platform is delivered as a complete solution

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Support response times

Support response times Service available based on following schedule: - Support helpdesk: 09:00 till 17:00 Monday to Friday - Maintenance services: 24 hours per day, 365 days a year - We also offer an online help facility and incident management area where our customers can access support and create, update and view incidents 24 hours per day 7 days per week. Extensions to the service offering can be negotiated.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Onsite support
Support levels When delivering service to our customers Phonio/Telio applies ITIL methodology. Service Desk work flows and document management are software supported. Within the Service Centre we set clear targets to attain this highest level of customer satisfaction. Examples from current customer operations: - Phonio provide a stable service and timely resolution of problems - Uptime of the service to exceed 99.5% - Correct administration of all incidents (requests) within the ticketing system (status update, update tickets and escalate ticket to IT as necessary) - First level resolution rate, 90%. Resolve tickets at the Service Centre level, without escalating to the IT Department. - Complete up-to-date CMDB, hardware traceable. - Average wait time of completed calls < 30 seconds for our customers when they call the Service Centre - We are pro-active in contacting our customers Our service team is equipped with all necessary roles and skills to meet these requirements.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Telio will provide on-site training at each establishment for all relevant users of our system. We will explain how the NIO system works for the prisoners and we will provide full staff training on the use of the software. If there is a significant system update a new training event will be planned. An online help facility is available as well as a support help desk.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction At the end of any contract all relevant data will be securely extracted from the system in a format which will be usable by the next provider. This will be delivered in a secure medium only to authorised personnel. Data will be removed from the Telio system and securely destroyed by a recognised data specialist.
End-of-contract process Telio will facilitate and cooperate with the incoming supplier to an agreed transition plan. This will include exporting and making available data in an agreed format. All supplied equipment remains the property of Telio. This will be removed at zero cost to the customer.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Opera
Application to install No
Designed for use on mobile devices No
Accessibility standards None or don’t know
Description of accessibility Our services are accessible through a secure device ( e.g: tablet, set top box for TV, kiosk) offered by Telio. The device can be adapted to customer requirements, e.g for accessability or vandalism protection requirements.
Accessibility testing Based on customer requirements elements such as volume control, contrast, keyboard or mounting position can be adapted for use by impaired users.
API No
Customisation available Yes
Description of customisation Users (staff) with authorised privileges can customise the features (e.g: access control, operation times, usage limitations) of our service through administration web interface. Customisation can be achieved on an individual, group, site or global level.

Scaling

Scaling
Independence of resources Contract based capacity reservation. But also load balancing and graceful degradation.

Analytics

Analytics
Service usage metrics Yes
Metrics types Usage statistics and security audit reports.
Reporting types
  • Real-time dashboards
  • Reports on request

Resellers

Resellers
Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations Yes
Datacentre security standards Managed by a third party
Penetration testing frequency At least every 6 months
Penetration testing approach In-house
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Other
Other data at rest protection approach Database encryption, encryption of backup files. Access control by means of username and password.
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Most reporting features have an Excel or CSV export option on the web user interface.
Data export formats
  • CSV
  • Other
Other data export formats Excel - XLS
Data import formats
  • CSV
  • Other
Other data import formats Based on the customers inmate management system

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks Private network or public sector network
Data protection within supplier network IPsec or TLS VPN gateway

Availability and resilience

Availability and resilience
Guaranteed availability Phonio UK guarantees 99.5% availability of service
Approach to resilience The system has many levels of backup and disaster recovery strategy (Database backups, Virtual Machine backups, configuration backups). More details available on request.
Outage reporting Our health monitoring system is able to send email alerts.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels Authorised staff will have access based on a username and password. User rights and permissions will be assigned based on function and roles. This will be managed by an assigned superuser of the customer organisation. Only predefined IP ranges will be able to access the management services. Other access restriction methods can be offered on request.
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 TÜV Rheinland Cert GmbH
ISO/IEC 27001 accreditation date 10/07/2017
What the ISO/IEC 27001 doesn’t cover -
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications GDPR certification in progress

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes Telio's handbook on Information Security Management is at the basis of our ISO 27001 certification.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach The NIO configuration and change management approach is based on the Information Technology Infrastructure Library (ITIL) best practices.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Our system is a private cloud solution which in itself greatly reduces the number of potential threats. Vulnarability reports and patches of third party suppliers receive follow up without delay. At this stage we choose not to disclose further specific detail on our vulnerability management approach. However we can confirm that our services have been accepted by and delivered to over 650 institutions run by prison services in 18 countries mostly in Europe.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Our system is a private cloud solution which in itself greatly reduces the number of potential compromises. The system is proactively monitored 24/7. Incidents receive follow up without delay. At this stage we choose not to disclose further specific detail on our protective monitoring approach. However we can confirm that our services have been accepted by and delivered to over 650 institutions run by prison services in 18 countries mostly in Europe.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach The NIO incident management approach is based on the Information Technology Infrastructure Library (ITIL) best practices.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks No

Pricing

Pricing
Price £0.87 per device per day
Discount for educational organisations No
Free trial available Yes
Description of free trial A trial version can be deployed subject to an agreed set of terms and conditions

Service documents

pdf document: Pricing document pdf document: Service definition document pdf document: Terms and conditions
Service documents
Return to top ↑