HunchLab is a web-based proactive patrol management system for police departments. Advanced statistical models and machine learning techniques forecast when and where crimes are likely to emerge. Officers are then encouraged to apply evidence-based policing tactics for harm reduction within these identified locations.
- Web-based crime forecasting / predictive policing solution
- Incorporates harm-focused approach to day-to-day mitigation activities
- Advanced geographic modeling to forecast the emergence of crime
- Incorporates multiple criminological theories into a single risk prediction
- References crime and noncrime datasets to improve predictive accuracy
- Allocates patrol resources as to attain smart dosage levels
- Location based crime risk interface for GPS-equipped devices
- Simple static PDF reports for dissemination
- Secure cloud hosting in selected Amazon Web Services location
- Transparent and auditable modeling artifacts
- Aligns police activity with predicted harm at specific locations
- Improves ability to anticipate crime risk over standard methods
- Maximizes the impact of available patrols via optimal dosing
- High availability cloud hosting reduces operational costs and complexity
- Optional pilot program minimizes risk through shortterm trials
- Minimal training requirements for administration and use
- Integration with existing CAD/RMS maximizes current investment
- Open API enables integration into existing systems
- Tracks Key Performance Indicators in real-time to improve services
£45500 per instance per year
- Free trial available
|Software add-on or extension||No|
|Cloud deployment model||Public cloud|
|Service constraints||Mobile access to HunchLab is provided in an HTML5 web-based map viewer, but certain constraints apply to its use. Connectivity in the field requires placing the HunchLab website on a network whitelist and enabling its access by designated officers on their MDT’s, laptops, or other mobile devices. If this is not possible, HunchLab has the capability of generating PDF reports for each district/sector that can be emailed or printed out, and then disseminated into the field. These reports can be generated at any time, for any shift, giving the department plenty of time for distribution and review.|
|Email or online ticketing support||Email or online ticketing|
|Support response times||Support is available from 9:00 AM to 5:00 PM, Eastern Standard Time, on regular business days, excluding U.S. holidays. Responses are generally provided within twenty-four hours and a resolution is provided within one to five business days, depending on the severity of the issue.|
|User can manage status and priority of support tickets||No|
|Web chat support||No|
|Onsite support||Yes, at extra cost|
Azavea shall use commercially reasonable efforts to provide the following support services for our customers: 1) Provide telephone, web and/or email support to customers during normal business hours (9am – 6pm, Eastern Time); 2) Respond to customer support queries regarding within one to five business days, depending on the severity of the issue; and 3) Escalation of incidents to increase resolution and decrease turnaround time based upon customer description of impact.
Support is included in the cost of each subscription. Subscription costs vary by customer and are based on the total population served by the host law enforcement agency. An Account Manager is assigned to each customer, but Azavea also has Data Scientists, Software Engineers, and Cloud Operations Managers on site to assist with related needs.
|Support available to third parties||Yes|
Onboarding and offboarding
The on-boarding process begins with a phone call or e-mail to the Azavea contact. Customer inquiries are responded to by a member of the HunchLab Business Development Team and/or HunchLab’s Product Manager, usually within forty-eight hours.
Azavea provides training for HunchLab users to gain familiarity with HunchLab and maximize its utility. There are two types of training sessions that will be provided with each subscription: 1.) Training for administrators and analysts; 2) Training for commanders and officers
These training sessions will be provided remotely via a webinar specific to the customer, which will be recorded with the video files provided to the customer for later use and reference. Each webinar will require approximately two hours of an attendee’s time, including a question-and-answer period. To supplement the webinars, Azavea will also provide simple cheat sheets to serve as quick references for the daily use of HunchLab.
If on-site training is preferred, travel costs will be billed to the customer.
|Other documentation formats||
|End-of-contract data extraction||
If off-boarding occurs at the end of a subscription term, the customer will provide the Azavea Project Manager with a minimum of thirty days’ notice prior to the end of any subscription period if services are no longer required. Azavea will shut down service and customer access at the end of the current subscription period and purge customer data from the system.
The customer will have the option of receiving a data archive of the predictions and models delivered during the term of service. Data archives are saved to hard drive(s) and delivered to the customer by postal or other delivery service. Additional fees apply.
If a customer wishes to terminate a HunchLab subscription at any time during an annual term, the customer must provide the Azavea Project Manager with a minimum of thirty days’ notice. Azavea will shut down the service and customer access within the thirty-day period and purge customer data from the system. No refunds are available to customers who end their service prior to the end of a subscription term. Data archiving options, as described above, are available for an additional fee.
|End-of-contract process||See previous response.|
Using the service
|Web browser interface||Yes|
|Application to install||No|
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||HunchLab uses responsive web design to provide an optimal viewing experience on multiple platforms, including web browsers and mobile and tablet devices. It automatically applies styling and workflow elements based on the characteristics of the display device, such as its screen size or resolution. The mobile service (Sidekick) leverages GPS-equipped devices to provide location-specific data to officers in the field. Officers are able to view crime risk information about their current location, receive notifications when they are near Missions, and review recommended tactics (powered by the Advisor module). Sidekick also notifies officers of recent events within Mission areas.|
|Accessibility standards||None or don’t know|
|Description of accessibility||HunchLab was developed for internal use by police departments rather than broader use by the general public. In keeping with police recruitment standards currently in place in the UK and elsewhere, we have endeavored to select colors for HunchLab that optimize graph and thematic map readability for people with color blindness.|
|Accessibility testing||None at this time.|
|What users can and can't do using the API||
HunchLab is built on a set of REST APIs that enable integration with third-party applications and services. Event data (crimes, calls for service, etc.) are transferred to HunchLab in a simple CSV format via a Representational State Transfer (or RESTful) HTTP Application Programming Interface (API) endpoint. Clients can directly push data into this API endpoint or Azavea can support its use. CSV uploads contain column headers and basic attribute values, such as the location and time of an event. Formatted CSV files can also be uploaded directly via the HunchLab administrative user interface.
All features that can be configured within the HunchLab interface are available via the API. Analytic output can be pulled from the API and ingested into 3rd party mapping applications.
|API documentation formats||
|API sandbox or test environment||Yes|
|Description of customisation||
HunchLab offers a number of customization options to suit agencies with differing needs and resources. For the Predictive Missions module, which is standard for HunchLab, users are able to define event and covariate data sources for the crime risk forecasting models, define the geographic boundaries wherein the modeling will take place, and determine the crime classes that will compose each model. Users are also able to define crime model and patrol efficacy weights for the models, as well as the color scheme used to display modeling results (known as “missions”) on the map. The number and duration of shifts and the number of resources allocated to each shift can also be configured into the modeling process. Furthermore, HunchLab’s optional Sidekick interface leverages GPS-equipped devices for location-based risk display in the field.
Additional HunchLab modules are focused on multiple levels of agency performance. The HunchLab Advisor module enables users to engage in evidence-based policing through its Field Test, Experiment, and Adaptive Tactic initiatives, while the HunchLab Dashboard module ingests calls-for-service data and displays visualizations of key performance indicators in card-based widgets on an HDTV or monitor. Each module is priced separately.
|Independence of resources||Using the Amazon Web Services cloud infrastructure, servers are automatically started to handle increased system load when needed. The elasticity of the cloud not only enables Azavea to handle increases in user traffic, but also enables us to harness large quantities of computing power to run robust statistical models.|
|Service usage metrics||Yes|
|Metrics types||The HunchLab system keeps a running audit log of activity by users, including log-on attempts and information retrieval. These records are retained for at least 365 days. In addition, API requests or activities by officers in the field can be requested for a more granular view of overall usage. Azavea is currently building a real-time dashboard for HunchLab that will enable easy access to this information.|
|Supplier type||Not a reseller|
|Staff security clearance||Other security clearance|
|Government security clearance||Up to Baseline Personnel Security Standard (BPSS)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||United Kingdom|
|User control over data storage and processing locations||Yes|
|Datacentre security standards||Managed by a third party|
|Penetration testing frequency||Never|
|Protecting data at rest||
|Data sanitisation process||Yes|
|Data sanitisation type||Explicit overwriting of storage before reallocation|
|Equipment disposal approach||Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001|
Data importing and exporting
|Data export approach||Analytic outputs of HunchLab are available via our open API in standard formats such as GeoJSON and JSON. Analytic output can also be turned into PDF reports for export.|
|Data export formats||
|Other data export formats||
|Data import formats||
|Other data import formats||
|Data protection between buyer and supplier networks||TLS (version 1.2 or above)|
|Data protection within supplier network||TLS (version 1.2 or above)|
Availability and resilience
|Guaranteed availability||During the Term of the HunchLab subscription, Azavea shall make commercially reasonable efforts to maintain the operation and availability of the application to the Customer at least 99.9% of the time as measured over the course of a calendar month. This SLA level corresponds with approximately 44 minutes of unplanned downtime per month. Scheduled downtime will not be included in these calculations but generally will amount to less than 1 hour per month.|
|Approach to resilience||
The HunchLab service is designed to be resilient to failure with redundancy built into the system architecture. The AWS platform upon which HunchLab is hosted provides robust services to maintain application availability even in the face of infrastructure failure. Within each AWS region, multiple availability zones allow an application to remain available even with the complete failure of an individual data center. Power and network connectivity systems are designed for redundancy with onsite backup power generation.
The HunchLab application is designed to use multiple availability zones within a region to provide availability even in the face of the loss of a complete zone. Availability zones are independent data centers within the region. The application is designed to survive the complete failure of an availability zone (a complete data center) without manual intervention by Azavea.
|Outage reporting||Azavea has implemented automatic monitoring of system uptime and incident alerts to provide timely resolution of system issues.|
Identity and authentication
|User authentication needed||Yes|
|Other user authentication||
Access to system functionality is restricted based upon security roles. For instance, only a few users need administrative access to the system.
HunchLab can delegate credential management to 3rd party directory services such as Active Directory through the SAML standard. Additionally, HunchLab can provide a stand-alone authentication system that complies with both the standard authentication and advanced authentication specifications, such as 2-factor authentication using time-based tokens generated locally by mobile applications for mobile devices.
Additional costs may apply if Azavea is managing 2-factor authentication on behalf of the customer.
|Access restrictions in management interfaces and support channels||Azavea has a long history of handling sensitive law enforcement data sets. HunchLab is delivered as a secure cloud-based subscription service using Amazon Web Services (AWS). Root access to the management plane is secured via 2 factor authentication and stored offline in a secure location and not accessible by the day-to-day operations staff members working on the project. Day-to-day operations are secured with 2 factor authentication and cryptographic certificates.|
|Access restriction testing frequency||At least once a year|
|Management access authentication||
Audit information for users
|Access to user activity audit information||Users contact the support team to get audit information|
|How long user audit data is stored for||At least 12 months|
|Access to supplier activity audit information||Users contact the support team to get audit information|
|How long supplier audit data is stored for||At least 12 months|
|How long system logs are stored for||At least 12 months|
Standards and certifications
|ISO/IEC 27001 certification||Yes|
|Who accredited the ISO/IEC 27001||Independent third-party auditor.|
|ISO/IEC 27001 accreditation date||November 11, 2016.|
|What the ISO/IEC 27001 doesn’t cover||This certification covers the Amazon Web Services environment and is not a certification of Azavea.|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Who accredited the PCI DSS certification||An independent third-party evaluator certified HunchLab's AWS infrastructure.|
|PCI DSS accreditation date||July 1, 2016.|
|What the PCI DSS doesn’t cover||This certification covers the Amazon Web Services environment and is not a certification of Azavea. The AWS platform regularly passes third-party evaluations. AWS has achieved ISO 27001 certification and has been validated as a Level 1 service provider under the Payment Card Industry (PCI) Data Security Standard (DSS). AWS annually publishes SOC 1, 2 and 3 audits. AWS is also a FedRAMP Compliant Cloud Service Provider (CSP) with validation at the Moderate level. This validation covers both the regular US regions and the GovCloud region. AWS has been successfully evaluated at the FISMA Moderate level for US federal government systems as well as DIACAP Level 2 for US DoD systems.|
|Other security accreditations||Yes|
|Any other security accreditations||
|Named board-level person responsible for service security||Yes|
|Security governance accreditation||No|
|Security governance approach||Azavea's security governance is not accredited. AWS provides the environment within which all Customer data is maintained and does conform to ISO 27001.|
|Information security policies and processes||By default, Azavea solely holds customer data within the AWS data center selected by the customer. This design minimizes the security surface of attacks. Access to this environment is restricted to cleared members of the development team and operations teams. Authentication credentials for root access to the management plane is kept in a secure, offline location and is only usable by high level personal not working on the project day to day. In terms of security, the development team and product management team reports to the Director of Operations and CEO.|
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||The code base for the application is in a source control system. Each modification to the code is reviewed by a second developer to improve quality and security. Continuous integration runs a suite of programmatic tests run against every modification of the code to prevent regressions. The application utilizes OS releases that are currently supported. OS security patches are applied upon each deployment of the software via golden images for machines. Other software packages on a regular basis based upon the severity of the patch. Testing occurs in a separate hosting account so that contact with client data is minimized.|
|Vulnerability management type||Supplier-defined controls|
|Vulnerability management approach||The Azavea Development Operations team and Product Management team keep abreast of security alerts provided by AWS and 3rd party services. Such vulnerabilities are examined for applicability to our infrastructure. When patches are necessary, the development team creates new golden images for deployment to the production environment and then deploys these new machine images. Some component services are fully managed by AWS and are patched automatically by AWS.|
|Protective monitoring type||Supplier-defined controls|
|Protective monitoring approach||Azavea has implemented automatic monitoring of system uptime and incident alerts to provide timely resolution of system issues. In the event of a suspected or confirmed security breach, Azavea will proactively notify the law enforcement agency of the breach in a timely manner. Further, AWS has achieved ISO 27001 certification.|
|Incident management type||Supplier-defined controls|
|Incident management approach||The HunchLab service is designed to be resilient to failure with redundancy built into the system architecture. Azavea shall maintain a monitoring service external to the data center housing the equipment supporting the application and shall monitor the service with reasonable frequency and duration. Additionally, Azavea has implemented automatic monitoring of system uptime and incident alerts to provide timely resolution of system issues. In the event of a suspected or confirmed security breach, Azavea will proactively notify the law enforcement agency of the breach in a timely manner.|
|Approach to secure software development best practice||Supplier-defined process|
Public sector networks
|Connection to public sector networks||Yes|
|Price||£45500 per instance per year|
|Discount for educational organisations||No|
|Free trial available||Yes|
|Description of free trial||While a free version of HunchLab is not available, Azavea's pilot program enables customers to use HunchLab operationally with their own data for up to three months before deciding if a subscription is right for them. Azavea's Pricing document outlines reduced fees and associated terms for this option.|
|Pricing document||View uploaded document|
|Service definition document||View uploaded document|
|Terms and conditions document||View uploaded document|