Found ltd

Found.cloud

Found provides the most efficient lost property management solution available for both businesses and the public.

Found's innovative App suite uses sophisticated software including photo recognition technology to automatically match lost and found items, which drastically speeds up the process of reporting and repatriating found items.

Features

  • App based Available on any IOS or Android enabled handset
  • Additional admin panel for call handlers / LPO offices
  • Uses market leading photo recognition to identify Items
  • Uses an A.I. engine that learns as items are registered.
  • A searchable database across multiple organisations (organisation dependant)

Benefits

  • Reduces lost and Found calls
  • Significant reduction in LPO time requirements
  • Removes paper record requirements
  • Full audit capability
  • Full permissions controls

Pricing

£0 to £0 per licence

  • Free trial available

Service documents

G-Cloud 11

910709041516143

Found ltd

Andrew Ogier

+44 7911722892

andrew@found.cloud

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Public cloud
Service constraints There are Service Level and Support Agreements in place to ensure that constraints in usage are avoided.
System requirements
  • Internet browser
  • Internet connection
  • A digital camera (optional)
  • Printer connectivity (If the courier returns option is selected)
  • An Android or IOS enabled handheld device

User support

User support
Email or online ticketing support Email or online ticketing
Support response times 9-5 UK time, Monday - Friday with additional support available 24/7/365
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support No
Web chat support No
Onsite support Yes, at extra cost
Support levels Support is included with subscription.

Onsite work, hardware installs and associated on site activities are charged at a pre arranged fee or hourly rate on a case by case basis.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Via online instructions
Service documentation No
End-of-contract data extraction Via CSV export
End-of-contract process Log in access is removed for all users should the contract not be extended, however access can be reinstated whenever required. Any data is kept inline with GDPR.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install Yes
Compatible operating systems
  • Android
  • IOS
  • MacOS
  • Windows
  • Windows Phone
Designed for use on mobile devices Yes
Differences between the mobile and desktop service Accessing the service through either a mobile or desktop browser allows use of the same functions.

There is dedicated app for both Android and IOS enabled handheld devices that can be used in conjunction with the browser based service or as a standalone option.
API Yes
What users can and can't do using the API API's can be used to integrate Found's software with third party software.
API documentation Yes
API documentation formats Open API (also known as Swagger)
API sandbox or test environment No
Customisation available Yes
Description of customisation Found can integrate with third party software (subject to feasibility)

Scaling

Scaling
Independence of resources Additional capacity is automatically added on demand as required.

Analytics

Analytics
Service usage metrics Yes
Metrics types Log in and registration by user. Other metrics are being added on a regular basis.
Reporting types Reports on request

Resellers

Resellers
Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Managed by a third party
Penetration testing frequency At least every 6 months
Penetration testing approach In-house
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach CSV export
Data export formats CSV
Data import formats Other
Other data import formats
  • Via the App
  • Via the website

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability 99.95% with service credits for SLA breaches.
Approach to resilience Found is hosted within AWS Ireland using AWS best practice serverless deployments and mutisite ie. multiple AWS availability zones for added resiliency. This means that if a whole AWS data centre goes down, Found will still be available within another AWS data centre AWS itself operates as a Tier3+ data centre.

The database is hosted by Mongo within AWS and using highly available, resilient configuration of three availability zones with a 99.995% SLA.

Backups are automatically provided by the fully managed backup service with continuous, consistent backups and point-in-time recovery.
Outage reporting Outage reporting via email, users can also monitor Found.cloud for availability.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels All users are individually identified and authenticated.

Roles based access is in place and is a top down process. Users can only access data based on their assigned roles.

Searchable data is restricted based on the organisation and requirements.

Direct access to the database is not permitted to anyone outside of Found.
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification Yes
Who accredited the PCI DSS certification Accreditation via provider
PCI DSS accreditation date Accreditation via provider
What the PCI DSS doesn’t cover Accreditation via provider
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach Self assessed inline with typical expected standards
Information security policies and processes Found has internal policies based around the 3 principals of Confidentiality, Integrity and Availability.

The policy outlines the following points in detail;
- User access controls & authorisations
- The keeping of resource access logs
- The reporting of access violations
- The classification of sensitive information
- GDPR, Data Protection, Media storage and Data transfer policies
- Security awareness
- Responsibilities for Information security
- Links to relevant legislation

Full policy available upon request

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Found's tech team undertake a fully documented approach to configuration and change management. All actions are recorded, reviewed for security and implemented using best practice.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Found use managed AWS services where we don't have access to the host machines, these are automatically patched by the provider. AWS Inspector is run weekly on the environment and automatically detects and reports on CVEs.

In addition, security notifications from multiple sources are actively monitored for relevant security/patch alerts. Components will be proactively patched if an alert is deemed to be relevant.

Monitored alerts:

**- Operating System Providers:**

- Ubuntu
https://usn.ubuntu.com/usn/rss.xml

- Microsoft
https://technet.microsoft.com/en-us/security/rss/advisory

- Apple
https://lists.apple.com/rss/security-announce.rss

**- Service Providers:**

- - Amazon Web Services:
https://aws.amazon.com/security/security-bulletins/feed/
- - Microsoft Azure
https://technet.microsoft.com/en-us/security/rss/advisory

**- General/Aggregated:**

- National ​Vulnerability​ Database
https://static.nvd.nist.gov/feeds/xml/cve/misc/nvd-rss-analyzed.xml
Protective monitoring type Supplier-defined controls
Protective monitoring approach Found primarily use AWS GuardDuty for automated threat detection. Found are notified whenever suspicious activity is detected and the appropriate action for the type of threat is then taken.
Incident management type Supplier-defined controls
Incident management approach Users can report incidents to our support team via email. These are ticketed, reviewed and ranked for severity. These are then investigated and analysed in line with our policies and once resolved satisfactorily reported back to users by way of email. Incident reports are available by way of a full copy of the incident ticket.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks Yes
Connected networks Public Services Network (PSN)

Pricing

Pricing
Price £0 to £0 per licence
Discount for educational organisations No
Free trial available Yes
Description of free trial Www.found.cloud

Service documents

pdf document: Pricing document pdf document: Service definition document pdf document: Terms and conditions
Service documents
Return to top ↑