CHRIS BUTLER ASSOCIATES LIMITED

CBA SCIMON Case Management

Comprehensive Case Management with video/CCTV analytics
Automated tracking (40+ behaviours.)
Geo-tracking (objects/people incl partially obscured.)
‘Moped-Bandit’ snatching
Forensic tracking across historic video footage.
Anti-social behaviour monitoring/alerting
Counter-terrorism applications
Traffic management/analysis

Features

  • Tracks changes/objects/trends/signatures/unknown terrain by machine learning
  • Real-Time Data Sharing
  • Analyses >150TB video in real-time with AI/machine learning; any sources/types
  • Business Intelligence & Analytics
  • Identify objects/terrain/changes/trends/behaviours/any combo
  • ANPR module for live alerting
  • Integrated data sharing solution for intelligence collection and sharing
  • On-Demand Query
  • Full In-Suite Messaging
  • Assertive Facial Recognition for Access Control and Law Enforcement

Benefits

  • Automatically tracks people and objects
  • Automated alerting saving analysts time
  • Behaviours easily created and combined
  • Hostile reconnaissance
  • Vehicle collisions
  • Huge time saving
  • Run historical video post event to create alerts
  • Forensic tracking
  • Counter terror
  • Works with existing technology - no replacement

Pricing

£6,000 to £15,000 an instance a year

  • Education pricing available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at chrisb@chrisbutlerassociates.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

530928891602706

Contact

CHRIS BUTLER ASSOCIATES LIMITED Chris Butler
Telephone: 01923432767
Email: chrisb@chrisbutlerassociates.co.uk

Service scope

Software add-on or extension
No
Cloud deployment model
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
Service constraints
Planned maintenance will be kept to a minimum and will always be agreed with the customer. The service may be unavailable for short periods when this occurs; however, we will work closely with the customer to ensure this is minimised.
Support will be available 24/7/365; however, we cannot support any 'additive' technology provided by the customer.
Any changes made by the customer outside the agreed change processes cannot be supported; however, we will work reasonably with the customer to advise on remediation.
System requirements
  • GPU Resource for optimal deployment (can be procured through CBA)
  • Network sensors and 'internal' infrastructure resources
  • Appropriate End-user computing devices for the desktop

User support

Email or online ticketing support
Email or online ticketing
Support response times
Support is available 24/7/365.
General office hours are 08:00 to 18:00 UK time, with fail-over to our US colleagues until 02:00 UK time; however, the intervening hours are covered.
Calls and emails will be responded to based upon Customer determined severity indicators as follows:
Severity 1 (High) - 1 hour
Severity 2 (Medium) - 4 hours
Severity 3 (Low) - 2 working days
Severity Levels are defined in our Service Definition Document
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
WCAG 2.1 AAA
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
Web chat
Web chat support availability
24 hours, 7 days a week
Web chat support accessibility standard
WCAG 2.1 AAA
Web chat accessibility testing
To complete
Onsite support
Yes, at extra cost
Support levels
Support is provided on a 24/7/365 basis.
Levels 1 and 2 are provided via our UK Support Team, with 'advanced' Level 2 and Level 3 sitting with our Development and Technical Team in the US.
Level 1, 2 and 3 response and fix times will be agreed with our clients during contract agreement and will be based upon client needs wherever practicable.
Either ticketed or phone-based access is provided to our clients for any inquiry or request.
Support is included in our pricing at 20% per annum of the total cost of a contract (this is calculated as a percentage of the solution provision cost after the deduction of 'services' related to implementation).
Cloud Support Engineering is included and a Technical Account Manager can be provided if required by our client.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Full and ongoing training onsite together with online training. Follow-up training and support visits during the contract. Full user documentation included. Specific training will be provided for technical users as well as 'regular' users.
Service documentation
Yes
Documentation formats
  • HTML
  • ODF
  • PDF
End-of-contract data extraction
Data can be provided in the format of choice. SCIMON can produce a very wide range of output formats automatically from JSON to almost any database format.
End-of-contract process
At the end of the contract, Chris Butler Associates and the Customer will determine the most appropriate method of data extraction and migration, depending upon future requirements. The process will be scoped and managed with CBA’s Technical Team. Costs associated with end-of-contract activity are additional to the hosting and service costs and will be quoted at prevailing day rates (see SFIA Rate Card) based on the scope of work.

All customer data is managed in clearly segregated data stores. Upon withdrawal from our cloud service, all data will be securely deleted from our infrastructure. This includes all secondary data sources, such as backups. The deletion is enforced by security controls which ensure no unauthorised access to deleted data and, ultimately, secure wiping or physical destruction of the storage hardware when de-commissioned.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
To complete
Service interface
Yes
Description of service interface
Service interfaces are created based upon individual customer environments by our development team.
Accessibility standards
WCAG 2.1 AAA
Accessibility testing
We have not currently tested interfaces with assistive technologies but are happy to do so.
API
Yes
What users can and can't do using the API
We create custom APIs for information sharing and enabling access to specific data sets as requested by the customer. We have not as yet published an open API but will advise when we do. Where we host via trusted secure 3rd parties, we enable use of their APIs and other technologies.
API documentation
Yes
API documentation formats
  • HTML
  • ODF
  • PDF
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
Customisation can be requested from CBA during the requirements phase and can be tailored throughout the implementation phase. Customisations include interacting with various software, middleware and databases (ingestion and processing layer customisation). Result publishing is according to customer requirement (service layer customisation). We do not allow direct customisation; however, this is an inclusive process.

Scaling

Independence of resources
Our solution is built upon dynamic scaling and this is reflected in our license model. The solution dynamically scales up (or down) dependent on the levels of processing required.

Analytics

Service usage metrics
Yes
Metrics types
Event logging, user access, jobs audit, capacity and usage, activity, security.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Yes
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
  • Other
Other data at rest protection approach
All customer data in our Secure Cloud environments is isolated and encrypted at rest through 256-bit AES encryption. Symmetric encryption using a multiple key hierarchy is used to encrypt and decrypt this data.

Access to customer data is restricted based on business need and by role-based access control and multifactor authentication, minimising standing access to data. Data encryption keys are created and controlled by CBA.

Our hosting providers cannot access data. We use Microsoft Azure, Google Cloud, AWS or private cloud solutions which provide the underlying highly resilient and secure data centres, physical hardware, and networks/services that underpin our Secure Cloud.
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
Data can be exported via a number of connectors to the database. These include but are not limited to: DbVisualizer, SQL Workbench/J, DBeaver, SQuirreL SQL Client, JDBC, ODBC.
Data export formats
  • CSV
  • ODF
  • Other
Other data export formats
  • SQL Tables
  • Tableau
  • Tibco Spotfire
  • Others
Data import formats
  • CSV
  • ODF
  • Other
Other data import formats
  • Parquet
  • Orc
  • AVRO
  • JSON
  • Java/SCALA Objects
  • Amazon Redshift
  • Cassandra
  • Redis
  • Elastic Search
  • Neo4J

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
Other protection between networks
All data in transit between the Customer and CBA’s hosting centres is secured and encrypted.

Data in transit to/ is secured by the following methods:
  • Website traffic accessed via a browser is HTTPS only, encrypted and secured with SHA-2 x.509 certificates.
  • Rich client application access via HTTPS and secure RDP encrypted to 128-bit.
  • Restricted features for specific back office employees/roles can be secured to be only accessible via an Internet Protocol Security (IPSEC) VPN tunnel meeting FIPS 140/2 standards.
  • Secure integrations facilitated by an Internet Protocol Security (IPSEC) VPN tunnel meeting FIPS 140/2 standards.
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
Other protection within supplier network
The hosting platforms are designed to be compliant with the UK Government Cloud Security Principles and are tested annually for defects against this standard. We use TLS1.2 or above for encrypted traffic and IPsec compliant VPNs with SHA-256 bit encryption.

Availability and resilience

Guaranteed availability
CBA Ltd has a standard form of SLA guaranteeing a minimum of 99.9% availability. If uptime for any item drops below the relevant threshold, a penalty will be applied in the form of a credit for the client.
This means the following month’s fee payable by the client will be reduced on a sliding scale.
The level of penalty will be calculated depending on the number of hours for which the service was unavailable, minus the downtime permitted by the SLA:
Uptime penalties in any month are capped at 50% of the total monthly fee.
This SLA can be varied by agreement with the client and will vary contract to contract due to the nature of the agreement.
Approach to resilience
Available on request
Outage reporting
From time to time, planned outages may be required. Customers will be notified of any planned outages by email in advance and where possible these will be agreed to avoid any unnecessary service interruption, and such outages will be timed to minimise disruption. In the event of any unplanned outage, the Customer will be informed as quickly as possible by the speediest mechanism.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels
CBA maintains RBAC (Role Based Access Control) access control across our solutions based on Least Privilege and Segregation of Duty to manage all roles.

Further authentication will be required depending on the management and support functions performed.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Access to user activity audit information
You control when users can access audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
You control when users can access audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
Yes
Any other security certifications
Cyber Essentials

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
Other
Other security governance standards
Cyber Essentials - As an SME, we are yet to achieve 'higher' certification however we adhere to the 14 Cloud Security Principles per NCSC guidelines. Our internal processes/procedures reinforce the requirements, we continually review those processes and the protections required by them. The MD is the named Security Officer.
Information security policies and processes
CBA Directors who are responsible for information systems are required to ensure that:

1. Systems are adequately protected from unauthorised access.
2. Systems are secured against theft and damage to a level that is cost-effective.
3. Adequate steps are taken to ensure the availability of the information system, commensurate with its importance (Business Continuity).
4. Electronic data can be recovered in the event of loss of the primary source, i.e. failure or loss of a computer system. It is incumbent on all system owners to back up data and to be able to restore data to a level commensurate with its importance (Disaster Recovery).
5. Data is maintained with a high degree of accuracy.
6. Systems are used for their intended purpose and that procedures are in place to rectify discovered or notified misuse.
7. Any electronic access logs are only retained for a justifiable period to ensure compliance with the data protection, investigatory powers and freedom of information acts.
8. Any third parties entrusted with CBA data understand their responsibilities with respect to maintaining its security.

CBA also maintains Acceptable use and Password Management Policies together with Security Incident Management processes.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
Our platform services layer monitors configuration and change as a service. Robust testing, including penetration testing, ensures that we mitigate any potential security impact.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Threat assessment is generally run in conjunction with the customer in pre-deployment where we will undertake penetration and other testing; following which we will undertake a desktop exercise to both understand threats and mitigate them. We will recommend protective monitoring throughout the 'in-service' period. We deploy patches as soon as feasible following internal testing and agreement with the customer; we would endeavour to patch no later than 72 hours after release. Urgent patching to server layers may be undertaken immediately. Threat information is garnered from a number of sources given the broad base of our technology.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
If we deploy within a customer enterprise, we will connect our service to the enterprise security suite. Any breach of role-based access will be reported internally via LDAP. If we deploy in one of our hosting environments, we will deliver a similar service using their enterprise security solutions. We will contact the customer by phone, email and/or other agreed methods. We respond to incidents immediately if they are deemed critical risks. We do not compromise on potential security problems.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
We have a series of pre-defined processes. Users can report incidents to our Service Desk either by phone, email or via our web forms. We provide automated incident reports at intervals agreed with our customers and individually for priority 1 incidents.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks
Yes
Connected networks
  • Public Services Network (PSN)
  • Police National Network (PNN)
  • NHS Network (N3)
  • Joint Academic Network (JANET)
  • Scottish Wide Area Network (SWAN)
  • Health and Social Care Network (HSCN)

Pricing

Price
£6,000 to £15,000 an instance a year
Discount for educational organisations
Yes
Free trial available
No