HUB is a business ratepayer data pooling solution helping identify Small Business Rates Relief fraud by consolidating all ratepayer data published individually by each Authority, in one place. HUB identifies all English Commercial properties and related information, storing it centrally with easy access through a securely hosted business intelligence portal.
- Fraud Hub: reporting suite outlining value of SBRR fraud detected
- Location Tracker: map of SBRR claimants operating across multiple regions
- Case Referral System: tracks movements of cases with real-time alerts
- Data Refresh Tracker: identifies when new rates data is uploaded
- Fraud Subscriber Forum: information sharing tool for Authorities
- Announcements: lists new Hub features and new subscribers
- Business Intelligence: consolidates data from multiple authorities and sources
- Performance Management: high level summary views providing management information instantly
- Automated Dynamic Reporting: easily exported into CSV files
- Secure Remote Access: facilitates working from anywhere
- Ratepayer Snapshot: quickly view businesses operating across multiple regions
- Fraud Detection: pinpoint fraudulent small business rates relief claims
- Inter-Authority Collaboration: proactively work with other Authorities to tackle fraud
- Single View of all Ratepayers: consolidated in one system
- Reduces Losses to Fraud: and its impact on Council income
- SBRR Audit Trail: ensuring accurate administration of business rates
- Restores Confidence: ensures all ratepayers operate on level playing field
- Identifies where data may fall through the gaps
- Improves financial performance and helps make better business decisions
- Provides easy access to current, relevant, accurate data
£3000 to £5000 per unit per year
- Free trial available
Destin Solutions Limited
|Software add-on or extension||No|
|Cloud deployment model||Private cloud|
|System requirements||Browser Compatibility: Internet Explorer 8, 9, 10+, Firefox, Chrome, Safari|
|Email or online ticketing support||Email or online ticketing|
|Support response times||Email support is offered and depending on the priority level of the support required response times will vary between 30 minutes and 2 hours. Response times are different at weekends and can range between 4 to 8 hours.|
|User can manage status and priority of support tickets||No|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||No|
|Onsite support||Onsite support|
Support is included in the cost of the system.
Destin Solutions provide telephone support during normal office hours (9:00am to 5:00pm – Monday to Friday). Email support is also provided both during and out of office hours.
The initial point of referring an incident is via telephone to the appointed Account Manager. All calls are logged and immediately directed to an appropriate technical representative. Destin Solutions will respond to the initial contact within 1 hour and will attempt to resolve the issue within 2 hours.
Further information is contained within our Incident Management Process Flow document.
|Support available to third parties||Yes|
Onboarding and offboarding
A full service on-boarding process is rolled out, when a new client is signed up. A trainer will be provided and use a 'train the trainer' approach so new users can be on-boarded quickly by the Council, long after the solution has been implemented. The client can set up their own users for the solution and manage their own user accounts, assigning different access levels dependent on role. We recommend the client appoints their own system administrator early on in the on-boarding process.
The solution also includes a web based user guide, which is accessible within the web portal.
|End-of-contract data extraction||Typically the data provided to customers by our solution is an exact copy of data held by the customers themselves. However if the client wants to capture additional information such as metadata associated with that information, Destin Solutions can manually extract and provide that data at an additional cost.|
At the end of the contract all customer data is immediately removed from Destin Solutions servers. All data stored by authorities is stored on logical drives which at contract termination can be erased using the following algorithms: DOD5220M/ CESG HMG, NIST 800-88.
Costs associated with data deletion are based on an hourly rate of £100 per hour.
Using the service
|Web browser interface||Yes|
|Application to install||No|
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||Our mobile service offers optimised viewing experiences across different mobile platforms however all functionality offered within the desktop service is also available on the mobile service.|
|Accessibility standards||WCAG 2.1 AA or EN 301 549|
|Accessibility testing||Our solution is based on Microsoft SharePoint technology all of which has been extensively tested by Microsoft to ensure it meets the latest web accessibility needs and standards. As outlined extensively in their support documentation SharePoint provides; the ability to get colour contrasts right, add alternative text and so on – all the items users will typically see on many accessibility checklists. In addition, SharePoint is tested thoroughly to make sure that, people can use the sites without a mouse. Users can move around any SharePoint page and use any button or command by using only the keyboard. SharePoint also facilitates; alternatives to visuals (images, icons, etc.), and descriptive text for all images, such as alternative text (alt text). Creation of larger typefaces that make text easier to read, and black or high-contrast text. A predictable tab order and landmarks on a web page that enable the user to build a mental picture of the page so they can stay oriented and not lose track of where they are. Simple backgrounds without patterns behind text on web pages. Alternatives to colour to convey important information such as ensuring hyperlinks that are highlighted by colour are also underlined and so on.|
|Description of customisation||Customisations can be carried out by Destin Solutions on behalf of the client, the user's themselves cannot customise the service. Customisations can be made on the type of reports a customer can view. The solution can also be customised to suit a clients branding and logo requirements and guidelines.|
|Independence of resources||
Response times of different users are continuously monitored and if they go above certain parameters during normal use of the system, resources will be increased to reduce this back down to acceptable levels.
The system is also designed to prevent "queries of death" from being run, in any case, memory and CPU use of queries being run are continuously monitored so that if a query is hogging resources it can be shut down.
|Service usage metrics||Yes|
User administrators can monitor the following metrics on usage:
• Total visits
• Total Pages viewed
• Total Bytes Downloaded
These are summarised by Month, Week, Day and by User.
|Reporting types||Regular reports|
|Supplier type||Not a reseller|
|Staff security clearance||Conforms to BS7858:2012|
|Government security clearance||Up to Baseline Personnel Security Standard (BPSS)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||United Kingdom|
|User control over data storage and processing locations||No|
|Datacentre security standards||Complies with a recognised standard (for example CSA CCM version 3.0)|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||In-house|
|Protecting data at rest||Encryption of all physical media|
|Data sanitisation process||Yes|
|Data sanitisation type||Explicit overwriting of storage before reallocation|
|Equipment disposal approach||In-house destruction process|
Data importing and exporting
|Data export approach||All electronic transfers of data must be carried out using an encrypted channel. In normal operation, customers are expected to provide sensitive data electronically using agreed protocols. Destin Solutions provide a FTPS server secured with a GlobalSign SSL certificate for this purpose which meets Advanced Encryption Standards. We are also flexible enough to apply other secure methods which the Council may already be using subject to them meeting our criteria.|
|Data export formats||
|Other data export formats||PSV|
|Data import formats||
|Other data import formats||PSV|
|Data protection between buyer and supplier networks||
|Data protection within supplier network||
Availability and resilience
The service is available 9:00am to 6:00pm Monday to Friday. Between these core working hours stated, availability of service is 99.99%.
Planned upgrade and support work is always carried out, outside of core working hours to minimise the impact on service availability
|Approach to resilience||Available on request.|
|Outage reporting||Service outages are reported by email alert.|
Identity and authentication
|User authentication needed||Yes|
|Access restrictions in management interfaces and support channels||
Accounts given to staff should only have access to the minimum information and resources that are necessary for their job role. Members of staff which from time-time need to perform operations with elevated permissions will be provided with one or more elevated accounts to be used only when necessary to perform those tasks.
High privilege accounts must only be used when accounts of lower rights will not perform the tasks required.
Log management software is used to audit access to critical systems and detect inappropriate or suspicious access-related events including use of high privilege accounts.
|Access restriction testing frequency||At least every 6 months|
|Management access authentication||
Audit information for users
|Access to user activity audit information||Users have access to real-time audit information|
|How long user audit data is stored for||At least 12 months|
|Access to supplier activity audit information||Users have access to real-time audit information|
|How long supplier audit data is stored for||At least 12 months|
|How long system logs are stored for||At least 12 months|
Standards and certifications
|ISO/IEC 27001 certification||Yes|
|Who accredited the ISO/IEC 27001||CDL Group Limited|
|ISO/IEC 27001 accreditation date||12/02/2019|
|What the ISO/IEC 27001 doesn’t cover||Sales and marketing activity are not covered within the scope of the certification.|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||No|
|Named board-level person responsible for service security||Yes|
|Security governance certified||No|
|Security governance approach||We are currently in the process of working towards our ISO 27001 accreditation.|
|Information security policies and processes||
Ultimate responsibility for information security rests with the Managing Director of Destin Solutions, but on a day-to-day basis the Data Protection Officer is responsible for implementing the policy and related procedures.
Line Managers are responsible for ensuring that their permanent/ temporary staff and contractors are aware of:-
- The information security policies applicable in their work areas
- Their personal responsibilities for information security
- How to access advice on information security matters
All staff shall comply with information security procedures including the maintenance of data confidentiality and data integrity. Failure to do so may result in disciplinary action.
Line managers are individually responsible for the security of their physical environments where information is processed or stored. Each staff member is responsible for the operational security of the information systems they use.
Each system user shall comply with the security requirements that are currently in force, and shall ensure the confidentiality, integrity and availability of the information they use is maintained to the highest standard.
Contracts with external contractors allowing access to the organisation’s information systems are in operation before access is allowed. These contracts ensure that staff or sub-contractors of the external organisation comply with all appropriate security policies.
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||We use a continuous integration methodology with respect to development and as such have a fully automated and reproducible build and test cycle. Changes to system components are checked into our configuration management system and developers test their changes on a local build environment which mirrors the production build environment. If the build is successful then the changes are incorporated into the continuous integration build. Part of the automated test scripts also ensure the security of the system by simulating the effects of users with different access levels running queries against the system.|
|Vulnerability management type||Supplier-defined controls|
|Vulnerability management approach||Windows Server Update Services (WSUS) is used to manage the patching of all the machines and configured to download the latest patches and updates for all components of the solution. WSUS also enables implementation and automation of a patch release strategy and allows us to monitor the number of machines a patch has been deployed to. We monitor relevant forums and official releases about any potential problems with the patch. If none are noted WSUS is updated to approve the patch to the appropriate servers during the next release cycle.|
|Protective monitoring type||Supplier-defined controls|
|Protective monitoring approach||
Our networks are protected by Intrusion Protection Systems (IPS) to identify, block and log the following common network attacks:
• Ping of Death
• IP half scan
• Port Scan
• Ping of Death
• DNS attacks
Our IPS is configured to scan and drop IP packets that contain IP options that are indicative of suspicious and potentially malicious behaviour.
We use Dell Intrust log management software which enables real-time notification of critical events through email alerts and automatic responses to certain events such as disabling a user account. Response times depend on priority level.
|Incident management type||Supplier-defined controls|
|Incident management approach||We use an incident management process flow chart. Users report incidents by phone, email or the portal interface. Incidents are then identified, logged, categorised and prioritised. Following incident diagnosis and resolution incidents are closed subject to users agreeing to the closure. Incidents are fully documented and an incident record is kept . Incident reports are available to customers whom have been impacted by the incident on request, via email, and typically outline the information detailed above.|
|Approach to secure software development best practice||Conforms to a recognised standard, but self-assessed|
Public sector networks
|Connection to public sector networks||No|
|Price||£3000 to £5000 per unit per year|
|Discount for educational organisations||No|
|Free trial available||Yes|
|Description of free trial||We do not give access to the system, but we do provide a sample dataset to the Authority of a suspected case of Small Business Rates Relief Fraud. This gives them the opportunity to view the type of information the solution provides and verify the accuracy of the data supplied.|