Destin Solutions Limited

HUB

HUB is a business ratepayer data pooling solution helping identify Small Business Rates Relief fraud by consolidating all ratepayer data published individually by each Authority, in one place. HUB identifies all English Commercial properties and related information, storing it centrally with easy access through a securely hosted business intelligence portal.

Features

  • Fraud Hub: reporting suite outlining value of SBRR fraud detected
  • Location Tracker: map of SBRR claimants operating across multiple regions
  • Case Referral System: tracks movements of cases with real-time alerts
  • Data Refresh Tracker: identifies when new rates data is uploaded
  • Fraud Subscriber Forum: information sharing tool for Authorities
  • Announcements: lists new Hub features and new subscribers
  • Business Intelligence: consolidates data from multiple authorities and sources
  • Performance Management: high level summary views providing management information instantly
  • Automated Dynamic Reporting: easily exported into CSV files
  • Secure Remote Access: facilitates working from anywhere

Benefits

  • Ratepayer Snapshot: quickly view businesses operating across multiple regions
  • Fraud Detection: pinpoint fraudulent small business rates relief claims
  • Inter-Authority Collaboration: proactively work with other Authorities to tackle fraud
  • Single View of all Ratepayers: consolidated in one system
  • Reduces Losses to Fraud: and its impact on Council income
  • SBRR Audit Trail: ensuring accurate administration of business rates
  • Restores Confidence: ensures all ratepayers operate on level playing field
  • Identifies where data may fall through the gaps
  • Improves financial performance and helps make better business decisions
  • Provides easy access to current, relevant, accurate data

Pricing

£3000 to £5000 per unit per year

  • Free trial available

Service documents

G-Cloud 11

818342379431507

Destin Solutions Limited

Duncan Baxter

01772 842092

duncan.baxter@destin.co.uk

Service scope

Software add-on or extension No
Cloud deployment model Private cloud
Service constraints None.
System requirements Browser Compatibility: Internet Explorer 8, 9, 10+, Firefox, Chrome, Safari

User support

Email or online ticketing support Email or online ticketing
Support response times Email support is offered and, depending on the priority level of the support required, response times will vary between 30 minutes and 2 hours. Response times are different at weekends and can range between 4 and 8 hours.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Onsite support
Support levels Support is included in the cost of the system.
Destin Solutions provide telephone support during normal office hours (9:00am to 5:00pm – Monday to Friday). Email support is also provided both during and out of office hours.

The initial point of referring an incident is via telephone to the appointed Account Manager. All calls are logged and immediately directed to an appropriate technical representative. Destin Solutions will respond to the initial contact within 1 hour and will attempt to resolve the issue within 2 hours.

Further information is contained within our Incident Management Process Flow document.
Support available to third parties Yes

Onboarding and offboarding

Getting started A full service on-boarding process is rolled out when a new client is signed up. A trainer will be provided and will use a 'train the trainer' approach so new users can be on-boarded quickly by the Council, long after the solution has been implemented. The client can set up their own users for the solution and manage their own user accounts, assigning different access levels dependent on role. We recommend the client appoints their own system administrator early on in the on-boarding process.
The solution also includes a web based user guide, which is accessible within the web portal.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction Typically the data provided to customers by our solution is an exact copy of data held by the customers themselves. However, if the client wants to capture additional information such as metadata associated with that information, Destin Solutions can manually extract and provide that data at an additional cost.
End-of-contract process At the end of the contract all customer data is immediately removed from Destin Solutions servers. All data stored by authorities is stored on logical drives which at contract termination can be erased using the following algorithms: DOD5220M/ CESG HMG, NIST 800-88.

Costs associated with data deletion are based on an hourly rate of £100 per hour.

Using the service

Web browser interface Yes
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service Our mobile service offers optimised viewing experiences across different mobile platforms; however, all functionality offered within the desktop service is also available on the mobile service.
Accessibility standards WCAG 2.1 AA or EN 301 549
Accessibility testing Our solution is based on Microsoft SharePoint technology, all of which has been extensively tested by Microsoft to ensure it meets the latest web accessibility needs and standards. As outlined extensively in their support documentation, SharePoint provides the ability to get colour contrasts right, add alternative text and so on: all the items users will typically see on many accessibility checklists. In addition, SharePoint is tested thoroughly to make sure that people can use the sites without a mouse. Users can move around any SharePoint page and use any button or command by using only the keyboard. SharePoint also facilitates: alternatives to visuals (images, icons, etc.) and descriptive text for all images, such as alternative text (alt text); creation of larger typefaces that make text easier to read, and black or high-contrast text; a predictable tab order and landmarks on a web page that enable the user to build a mental picture of the page so they can stay oriented and not lose track of where they are; simple backgrounds without patterns behind text on web pages; and alternatives to colour to convey important information, such as ensuring hyperlinks that are highlighted by colour are also underlined and so on.
API No
Customisation available Yes
Description of customisation Customisations can be carried out by Destin Solutions on behalf of the client; the users themselves cannot customise the service. Customisations can be made on the type of reports a customer can view. The solution can also be customised to suit a client's branding and logo requirements and guidelines.

Scaling

Independence of resources Response times of different users are continuously monitored and if they go above certain parameters during normal use of the system, resources will be increased to reduce this back down to acceptable levels.

The system is also designed to prevent "queries of death" from being run. In any case, memory and CPU use of queries being run are continuously monitored so that if a query is hogging resources it can be shut down.

Analytics

Service usage metrics Yes
Metrics types User administrators can monitor the following metrics on usage:
• Total visits
• Total Pages viewed
• Total Bytes Downloaded

These are summarised by Month, Week, Day and by User.
Reporting types Regular reports

Resellers

Supplier type Not a reseller

Staff security

Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach In-house
Protecting data at rest Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach In-house destruction process

Data importing and exporting

Data export approach All electronic transfers of data must be carried out using an encrypted channel. In normal operation, customers are expected to provide sensitive data electronically using agreed protocols. Destin Solutions provide an FTPS server secured with a GlobalSign SSL certificate for this purpose which meets Advanced Encryption Standards. We are also flexible enough to apply other secure methods which the Council may already be using, subject to them meeting our criteria.
Data export formats
  • CSV
  • Other
Other data export formats PSV
Data import formats
  • CSV
  • Other
Other data import formats PSV

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability The service is available 9:00am to 6:00pm Monday to Friday. Between these core working hours stated, availability of service is 99.99%.

Planned upgrade and support work is always carried out outside of core working hours to minimise the impact on service availability.
Approach to resilience Available on request.
Outage reporting Service outages are reported by email alert.

Identity and authentication

User authentication needed Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels Accounts given to staff should only have access to the minimum information and resources that are necessary for their job role. Members of staff who from time to time need to perform operations with elevated permissions will be provided with one or more elevated accounts to be used only when necessary to perform those tasks.

High privilege accounts must only be used when accounts of lower rights will not perform the tasks required.

Log management software is used to audit access to critical systems and detect inappropriate or suspicious access-related events including use of high privilege accounts.
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 CDL Group Limited
ISO/IEC 27001 accreditation date 12/02/2019
What the ISO/IEC 27001 doesn’t cover Sales and marketing activity are not covered within the scope of the certification.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach We are currently in the process of working towards our ISO 27001 accreditation.
Information security policies and processes Ultimate responsibility for information security rests with the Managing Director of Destin Solutions, but on a day-to-day basis the Data Protection Officer is responsible for implementing the policy and related procedures.

Line Managers are responsible for ensuring that their permanent/temporary staff and contractors are aware of:
- The information security policies applicable in their work areas
- Their personal responsibilities for information security
- How to access advice on information security matters

All staff shall comply with information security procedures including the maintenance of data confidentiality and data integrity. Failure to do so may result in disciplinary action.

Line managers are individually responsible for the security of their physical environments where information is processed or stored. Each staff member is responsible for the operational security of the information systems they use.

Each system user shall comply with the security requirements that are currently in force, and shall ensure the confidentiality, integrity and availability of the information they use is maintained to the highest standard.

Contracts with external contractors allowing access to the organisation’s information systems are in operation before access is allowed. These contracts ensure that staff or sub-contractors of the external organisation comply with all appropriate security policies.

Operational security

Configuration and change management standard Supplier-defined controls
Configuration and change management approach We use a continuous integration methodology with respect to development and as such have a fully automated and reproducible build and test cycle. Changes to system components are checked into our configuration management system and developers test their changes on a local build environment which mirrors the production build environment. If the build is successful then the changes are incorporated into the continuous integration build. Part of the automated test scripts also ensures the security of the system by simulating the effects of users with different access levels running queries against the system.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Windows Server Update Services (WSUS) is used to manage the patching of all the machines and is configured to download the latest patches and updates for all components of the solution. WSUS also enables implementation and automation of a patch release strategy and allows us to monitor the number of machines a patch has been deployed to. We monitor relevant forums and official releases about any potential problems with the patch. If none are noted, WSUS is updated to approve the patch to the appropriate servers during the next release cycle.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Our networks are protected by Intrusion Protection Systems (IPS) to identify, block and log the following common network attacks:
• Ping of Death
• IP half scan
• Port Scan
• Land
• DNS attacks

Our IPS is configured to scan and drop IP packets that contain IP options that are indicative of suspicious and potentially malicious behaviour.

We use Dell Intrust log management software which enables real-time notification of critical events through email alerts and automatic responses to certain events such as disabling a user account. Response times depend on priority level.
Incident management type Supplier-defined controls
Incident management approach We use an incident management process flow chart. Users report incidents by phone, email or the portal interface. Incidents are then identified, logged, categorised and prioritised. Following incident diagnosis and resolution, incidents are closed subject to users agreeing to the closure. Incidents are fully documented and an incident record is kept. Incident reports are available on request, via email, to customers who have been impacted by the incident, and typically outline the information detailed above.

Secure development

Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks No

Pricing

Price £3000 to £5000 per unit per year
Discount for educational organisations No
Free trial available Yes
Description of free trial We do not give access to the system, but we do provide a sample dataset to the Authority of a suspected case of Small Business Rates Relief Fraud. This gives them the opportunity to view the type of information the solution provides and verify the accuracy of the data supplied.

Service documents

  • Pricing document (PDF)
  • Service definition document (PDF)
  • Terms and conditions (PDF)