Blackthorn ASC


A Range of Problems
CIA and Accountability
Main Features
A central, high integrity repository for data collected through proactive & reactive processes across the organization.
Structured (object-based) method for recording, analyzing and reporting on all aspects of  proactive & reactive activities, building a rich knowledge base.
Proactive & Reactive data automatically cross-correlated with subject -based risk models enabling close to ‘real-time’ view of risk.
A workflow, enabling templating of repeatable & reliable processes.
Web-based architecture (asp.net). A True SaaS application
Hi-Integrity Data Recording
Maintaining Data Quality
All time is resolved to UTC. Users can choose their time

Many functions are one-way i.e. log entries cannot be edited once they are committed to the system

Every action in Blackthorn generates seccure audit trail (config. and proactive /reactive activity management). Even "reads"!

Uploaded evidential items are hashed

A decision log is created through mandatory log prompts

Custom fields supported through a structured "re-use" drag-drop interface which complies with the object construct

Use the Z-Crypto module to encrypt the SQL Server tables
$$
Industry surveys are flawed because their source data is inaccurate:

Most organisations surveyed do not have a formal process for recording and managing sensitive activities
RBAC
Objects
Blackthorn Interfaces
4 main data interfaces;
HTTP/XML through web page feeds
API (web service) using IODEF
Email trap
SYSLOGS
Thank You!
Neil HB
neilhb@qccis.com
Case Study
With as little user time spent in the system as possible
Risk models can be adjusted depending on the results of assessment meetings
Example:

1.Build a generic (template) model for a Child at Risk (CaR)
2.Clone that model for each actual CaR
3.Use results of core assessment meetings to tailor each model
4.Perform proactive activities; care visits, assessments etc.
5.See how the results from each visit affect the model
6.Respond to incidents involving each CaR
7.See how these incidents affect the model (and poss models of
  other children in the same family
Z
Situation at present with Blackthorn ASC
Software fully developed
First SME visits (Ex-Met DS CAIT, Manager, London SSD)
Used LCPP for source:
Activity categories
Common terms
High level workflow
SMEs to give practical view
What we are looking for now...
First LA to Pilot!
with whom we can work closely with SSD to get it right!
Core Support Group
So..what can Blackthorn ASC do for ECC?
Enable you to manage all Child Care and Adult Care activities (proactive & reactive) effectively
Enable you to model risk on defined subjects (children and/or adults) and have that process integrated with your P&R activities
Enable you to create whole new activities in other related areas;
Screening activities
Data protection & FoI
Occupational Health & Safety
What is YOI-YIO?
A new way of assessing operational risk

Combines qualitative assessment with empirical data from Proactive and Reactive activities

Stands for “Your Outside [looking] In – Your Inside [looking] Out”

It is a risk assessment technique that can be applied to any area of operational risk:
Physical Security – even Battlefield
Health & Safety and Protecting Children
IT & Information Security
Environmental

Yoi-Yio is designed to combine data from 2 different views
An attackers view
A protectors view
Yoi-Yio uses metrics which are qualitative and data feeds from reactive & proactive activity records which add a quantitative aspect

Yoi-Yio enables risk models to be compared with risk experience to provide views of real-time risk and to assess safeguard (control) effectiveness
Build Effective Risk Models
Lack of Accountability
Over Complexity
Poor Oversight
Weak Risk Assessment
Poor internal/external Communications
Lack of Information Integrity
Blackthorn is a 3-C Solution
Communication
Collaboration
Confidence
Blackthorn for 
Advanced Social Care 

Managing Proactive & Reactive Activities and Subject Risk 
About QCC
Intro to Blackthorn
Established 1996
Formed by ex-Met Police – Computer Crime & TSU
4 Parts to business
Blackthorn™
Digital Forensics (mainly law enforcement)
Security & Risk Management
Training
Work around the world
41 staff, growing by 25% p.a.
3 UK Offices, 1 Australia, 1 Mauritius
History

Originally an Access Database called ‘SID’ developed for UK govmt office in 2001

Re-written as a web-app in 2004 as version 2

Development considerably driven by User Group

Version 3.1 included Workflow and Risk Modelling

Early 2009 - v4 supports ANY Proactive and/or Reactive activity

Blackthorn v5 launched December 09’ with both client installed and QCC hosted (SaaS) options

Blackthorn ASC concept developed in 2009
Terms
Proactive
Any process or set of actions which seek to identify and quantify risk and fortify to avert or reduce harm or loss. Examples; Assessments, Reviews, Audits, Accreditations etc.
Reactive
any process or set of actions which seek to reduce harm or loss once risk has been experienced. Examples; Incidents, Cases, Crises, Investigations etc.
P&R
POSITIVE ASSURANCE
What is Confidence??
Flow-Chart Logic - drag-drop to build 
QCC Mission
To reduce the role and influence of the ‘Middle’ office
Implement new tools to enable innovation in thinking and working Practices
Drive Down
Capital Cost
"The Middle Office"
S
What is ...
A place where beaurocracy and duplication leads to the high cost and...
L
O
W
RESPONSES
Where there is a lack of empirical data on which new choices can be made through information and knowledge leading inevitably to...
onfidentiality
ntegrity
vailability
"Talk to anything"