HunchLab is a web-based proactive patrol management system for police departments. Advanced statistical models and machine learning techniques forecast when and where crimes are likely to emerge. Officers are then encouraged to apply evidence-based policing tactics for harm reduction within these identified locations.


  • Web-based crime forecasting / predictive policing solution
  • Incorporates harm-focused approach to day-to-day mitigation activities
  • Advanced geographic modeling to forecast the emergence of crime
  • Incorporates multiple criminological theories into a single risk prediction
  • References crime and noncrime datasets to improve predictive accuracy
  • Allocates patrol resources as to attain smart dosage levels
  • Location based crime risk interface for GPS-equipped devices
  • Simple static PDF reports for dissemination
  • Secure cloud hosting in selected Amazon Web Services location
  • Transparent and auditable modeling artifacts


  • Aligns police activity with predicted harm at specific locations
  • Improves ability to anticipate crime risk over standard methods
  • Maximizes the impact of available patrols via optimal dosing
  • High availability cloud hosting reduces operational costs and complexity
  • Optional pilot program minimizes risk through shortterm trials
  • Minimal training requirements for administration and use
  • Integration with existing CAD/RMS maximizes current investment
  • Open API enables integration into existing systems
  • Tracks Key Performance Indicators in real-time to improve services


£45500 per instance per year

  • Free trial available

Service documents

G-Cloud 9



Robert Cheetham


Service scope

Service scope
Software add-on or extension No
Cloud deployment model Public cloud
Service constraints Mobile access to HunchLab is provided in an HTML5 web-based map viewer, but certain constraints apply to its use. Connectivity in the field requires placing the HunchLab website on a network whitelist and enabling its access by designated officers on their MDT’s, laptops, or other mobile devices. If this is not possible, HunchLab has the capability of generating PDF reports for each district/sector that can be emailed or printed out, and then disseminated into the field. These reports can be generated at any time, for any shift, giving the department plenty of time for distribution and review.
System requirements
  • Network connectivity through modern browsers
  • Last two versions of Chrome, Firefox, or IE/Edge browsers
  • Windows 7 or newer, Macintosh, Linux, iOS, or Android OS
  • Geocoded crime incident or calls for service data
  • GPS location of device (enhances user experience)

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Support is available from 9:00 AM to 5:00 PM, Eastern Standard Time, on regular business days, excluding U.S. holidays. Responses are generally provided within twenty-four hours and a resolution is provided within one to five business days, depending on the severity of the issue.
User can manage status and priority of support tickets No
Phone support No
Web chat support No
Onsite support Yes, at extra cost
Support levels Azavea shall use commercially reasonable efforts to provide the following support services for our customers: 1) Provide telephone, web and/or email support to customers during normal business hours (9am – 6pm, Eastern Time); 2) Respond to customer support queries regarding within one to five business days, depending on the severity of the issue; and 3) Escalation of incidents to increase resolution and decrease turnaround time based upon customer description of impact.

Support is included in the cost of each subscription. Subscription costs vary by customer and are based on the total population served by the host law enforcement agency. An Account Manager is assigned to each customer, but Azavea also has Data Scientists, Software Engineers, and Cloud Operations Managers on site to assist with related needs.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started The on-boarding process begins with a phone call or e-mail to the Azavea contact. Customer inquiries are responded to by a member of the HunchLab Business Development Team and/or HunchLab’s Product Manager, usually within forty-eight hours.

Azavea provides training for HunchLab users to gain familiarity with HunchLab and maximize its utility. There are two types of training sessions that will be provided with each subscription: 1.) Training for administrators and analysts; 2) Training for commanders and officers

These training sessions will be provided remotely via a webinar specific to the customer, which will be recorded with the video files provided to the customer for later use and reference. Each webinar will require approximately two hours of an attendee’s time, including a question-and-answer period. To supplement the webinars, Azavea will also provide simple cheat sheets to serve as quick references for the daily use of HunchLab.

If on-site training is preferred, travel costs will be billed to the customer.
Service documentation Yes
Documentation formats
  • PDF
  • Other
Other documentation formats
  • General training webinars available online
  • Customer-specific training sessions in audio/video format
End-of-contract data extraction If off-boarding occurs at the end of a subscription term, the customer will provide the Azavea Project Manager with a minimum of thirty days’ notice prior to the end of any subscription period if services are no longer required. Azavea will shut down service and customer access at the end of the current subscription period and purge customer data from the system.

The customer will have the option of receiving a data archive of the predictions and models delivered during the term of service. Data archives are saved to hard drive(s) and delivered to the customer by postal or other delivery service. Additional fees apply.

If a customer wishes to terminate a HunchLab subscription at any time during an annual term, the customer must provide the Azavea Project Manager with a minimum of thirty days’ notice. Azavea will shut down the service and customer access within the thirty-day period and purge customer data from the system. No refunds are available to customers who end their service prior to the end of a subscription term. Data archiving options, as described above, are available for an additional fee.
End-of-contract process See previous response.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 10+
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service HunchLab uses responsive web design to provide an optimal viewing experience on multiple platforms, including web browsers and mobile and tablet devices. It automatically applies styling and workflow elements based on the characteristics of the display device, such as its screen size or resolution. The mobile service (Sidekick) leverages GPS-equipped devices to provide location-specific data to officers in the field. Officers are able to view crime risk information about their current location, receive notifications when they are near Missions, and review recommended tactics (powered by the Advisor module). Sidekick also notifies officers of recent events within Mission areas.
Accessibility standards None or don’t know
Description of accessibility HunchLab was developed for internal use by police departments rather than broader use by the general public. In keeping with police recruitment standards currently in place in the UK and elsewhere, we have endeavored to select colors for HunchLab that optimize graph and thematic map readability for people with color blindness.
Accessibility testing None at this time.
What users can and can't do using the API HunchLab is built on a set of REST APIs that enable integration with third-party applications and services. Event data (crimes, calls for service, etc.) are transferred to HunchLab in a simple CSV format via a Representational State Transfer (or RESTful) HTTP Application Programming Interface (API) endpoint. Clients can directly push data into this API endpoint or Azavea can support its use. CSV uploads contain column headers and basic attribute values, such as the location and time of an event. Formatted CSV files can also be uploaded directly via the HunchLab administrative user interface.

All features that can be configured within the HunchLab interface are available via the API. Analytic output can be pulled from the API and ingested into 3rd party mapping applications.
API documentation Yes
API documentation formats
  • Open API (also known as Swagger)
  • HTML
API sandbox or test environment Yes
Customisation available Yes
Description of customisation HunchLab offers a number of customization options to suit agencies with differing needs and resources. For the Predictive Missions module, which is standard for HunchLab, users are able to define event and covariate data sources for the crime risk forecasting models, define the geographic boundaries wherein the modeling will take place, and determine the crime classes that will compose each model. Users are also able to define crime model and patrol efficacy weights for the models, as well as the color scheme used to display modeling results (known as “missions”) on the map. The number and duration of shifts and the number of resources allocated to each shift can also be configured into the modeling process. Furthermore, HunchLab’s optional Sidekick interface leverages GPS-equipped devices for location-based risk display in the field.

Additional HunchLab modules are focused on multiple levels of agency performance. The HunchLab Advisor module enables users to engage in evidence-based policing through its Field Test, Experiment, and Adaptive Tactic initiatives, while the HunchLab Dashboard module ingests calls-for-service data and displays visualizations of key performance indicators in card-based widgets on an HDTV or monitor. Each module is priced separately.


Independence of resources Using the Amazon Web Services cloud infrastructure, servers are automatically started to handle increased system load when needed. The elasticity of the cloud not only enables Azavea to handle increases in user traffic, but also enables us to harness large quantities of computing power to run robust statistical models.


Service usage metrics Yes
Metrics types The HunchLab system keeps a running audit log of activity by users, including log-on attempts and information retrieval. These records are retained for at least 365 days. In addition, API requests or activities by officers in the field can be requested for a more granular view of overall usage. Azavea is currently building a real-time dashboard for HunchLab that will enable easy access to this information.
Reporting types
  • API access
  • Real-time dashboards
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations Yes
Datacentre security standards Managed by a third party
Penetration testing frequency Never
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Analytic outputs of HunchLab are available via our open API in standard formats such as GeoJSON and JSON. Analytic output can also be turned into PDF reports for export.
Data export formats
  • CSV
  • Other
Other data export formats
  • JSON
  • GeoJSON
  • GeoTIFF
  • PDF
Data import formats
  • CSV
  • Other
Other data import formats
  • JSON
  • ShapeFile (common GIS standard)

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability During the Term of the HunchLab subscription, Azavea shall make commercially reasonable efforts to maintain the operation and availability of the application to the Customer at least 99.9% of the time as measured over the course of a calendar month. This SLA level corresponds with approximately 44 minutes of unplanned downtime per month. Scheduled downtime will not be included in these calculations but generally will amount to less than 1 hour per month.
Approach to resilience The HunchLab service is designed to be resilient to failure with redundancy built into the system architecture. The AWS platform upon which HunchLab is hosted provides robust services to maintain application availability even in the face of infrastructure failure. Within each AWS region, multiple availability zones allow an application to remain available even with the complete failure of an individual data center. Power and network connectivity systems are designed for redundancy with onsite backup power generation.

The HunchLab application is designed to use multiple availability zones within a region to provide availability even in the face of the loss of a complete zone. Availability zones are independent data centers within the region. The application is designed to survive the complete failure of an availability zone (a complete data center) without manual intervention by Azavea.
Outage reporting Azavea has implemented automatic monitoring of system uptime and incident alerts to provide timely resolution of system issues.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
Other user authentication Access to system functionality is restricted based upon security roles. For instance, only a few users need administrative access to the system.

HunchLab can delegate credential management to 3rd party directory services such as Active Directory through the SAML standard. Additionally, HunchLab can provide a stand-alone authentication system that complies with both the standard authentication and advanced authentication specifications, such as 2-factor authentication using time-based tokens generated locally by mobile applications for mobile devices.

Additional costs may apply if Azavea is managing 2-factor authentication on behalf of the customer.
Access restrictions in management interfaces and support channels Azavea has a long history of handling sensitive law enforcement data sets. HunchLab is delivered as a secure cloud-based subscription service using Amazon Web Services (AWS). Root access to the management plane is secured via 2 factor authentication and stored offline in a secure location and not accessible by the day-to-day operations staff members working on the project. Day-to-day operations are secured with 2 factor authentication and cryptographic certificates.
Access restriction testing frequency At least once a year
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 Independent third-party auditor.
ISO/IEC 27001 accreditation date November 11, 2016.
What the ISO/IEC 27001 doesn’t cover This certification covers the Amazon Web Services environment and is not a certification of Azavea.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification Yes
Who accredited the PCI DSS certification An independent third-party evaluator certified HunchLab's AWS infrastructure.
PCI DSS accreditation date July 1, 2016.
What the PCI DSS doesn’t cover This certification covers the Amazon Web Services environment and is not a certification of Azavea. The AWS platform regularly passes third-party evaluations. AWS has achieved ISO 27001 certification and has been validated as a Level 1 service provider under the Payment Card Industry (PCI) Data Security Standard (DSS). AWS annually publishes SOC 1, 2 and 3 audits. AWS is also a FedRAMP Compliant Cloud Service Provider (CSP) with validation at the Moderate level. This validation covers both the regular US regions and the GovCloud region. AWS has been successfully evaluated at the FISMA Moderate level for US federal government systems as well as DIACAP Level 2 for US DoD systems.
Other security accreditations Yes
Any other security accreditations
  • UK Cloud Security Principles (through AWS)
  • UK Data Protection Act (through AWS)
  • EU Data Protection Directive (through AWS)
  • EU-US Privacy Shield (through AWS)

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance accreditation No
Security governance approach Azavea's security governance is not accredited. AWS provides the environment within which all Customer data is maintained and does conform to ISO 27001.
Information security policies and processes By default, Azavea solely holds customer data within the AWS data center selected by the customer. This design minimizes the security surface of attacks. Access to this environment is restricted to cleared members of the development team and operations teams. Authentication credentials for root access to the management plane is kept in a secure, offline location and is only usable by high level personal not working on the project day to day. In terms of security, the development team and product management team reports to the Director of Operations and CEO.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach The code base for the application is in a source control system. Each modification to the code is reviewed by a second developer to improve quality and security. Continuous integration runs a suite of programmatic tests run against every modification of the code to prevent regressions. The application utilizes OS releases that are currently supported. OS security patches are applied upon each deployment of the software via golden images for machines. Other software packages on a regular basis based upon the severity of the patch. Testing occurs in a separate hosting account so that contact with client data is minimized.
Vulnerability management type Supplier-defined controls
Vulnerability management approach The Azavea Development Operations team and Product Management team keep abreast of security alerts provided by AWS and 3rd party services. Such vulnerabilities are examined for applicability to our infrastructure. When patches are necessary, the development team creates new golden images for deployment to the production environment and then deploys these new machine images. Some component services are fully managed by AWS and are patched automatically by AWS.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Azavea has implemented automatic monitoring of system uptime and incident alerts to provide timely resolution of system issues. In the event of a suspected or confirmed security breach, Azavea will proactively notify the law enforcement agency of the breach in a timely manner. Further, AWS has achieved ISO 27001 certification.
Incident management type Supplier-defined controls
Incident management approach The HunchLab service is designed to be resilient to failure with redundancy built into the system architecture. Azavea shall maintain a monitoring service external to the data center housing the equipment supporting the application and shall monitor the service with reasonable frequency and duration. Additionally, Azavea has implemented automatic monitoring of system uptime and incident alerts to provide timely resolution of system issues. In the event of a suspected or confirmed security breach, Azavea will proactively notify the law enforcement agency of the breach in a timely manner.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks Yes
Connected networks
  • Public Services Network (PSN)
  • Police National Network (PNN)
  • New NHS Network (N3)
  • Joint Academic Network (JANET)


Price £45500 per instance per year
Discount for educational organisations No
Free trial available Yes
Description of free trial While a free version of HunchLab is not available, Azavea's pilot program enables customers to use HunchLab operationally with their own data for up to three months before deciding if a subscription is right for them. Azavea's Pricing document outlines reduced fees and associated terms for this option.


Pricing document View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑