Axon Public Safety UK Limited

Axon Evidence Digital Evidence Management Software (DEMS) and Associated Software Applications

Axon Evidence is a comprehensive Digital Evidence Management System (DEMS) that streamlines data management and electronic sharing within one secure platform.

Our robust, cloud-based system not only stores your digital evidence (videos, audio, images, documents), but also provides advanced tools such as redactions, case building, transcriptions, sharing and integrations.

Features

  • Upload and manage data in any format, eliminate data silos
  • Automatically ingest Axon/TASER data, and manage devices
  • Annotate with custom metadata fields and free text tags
  • Intelligent, comprehensive search engine for all system entities
  • Secure, digital sharing to the Crown or other stakeholders
  • Audit and report on all system access, actions, entities, usage
  • Integrate with existing systems to complement operations
  • Active Directory integrated deployment, groups and reporting
  • Robust, automated and manual redaction tools
  • Collaboration, request access, and case management tools

Benefits

  • Dictate access to features and assets at a granular level
  • Configure automated tagging to trigger workflows (retention, access, search-ability)
  • Instant, cost-effective scaling of storage and resources
  • Multiple layers of redundancy across physically separate datacentres, disaster recovery
  • Preserve chain of custody, originals never altered, SHA-2 hash verification
  • Manage users, assets, devices, cases and metadata from one application
  • Playback, redact, transcribe, make clips, enhance within application; maintaining original
  • Sychronised playback up to four videos from multiple vantage points
  • Significant R&D incorporating ethical machine learning and artificial intelligence
  • Automated updates and improvements pushed monthly, early access options

Pricing

£50 to £365 a licence a year

  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenders@axon.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

1 2 9 4 1 7 6 7 1 2 4 4 8 2 0

Contact

Axon Public Safety UK Limited Mike Ashby-Clarke
Telephone: 07583 738 073
Email: tenders@axon.com

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
Axon Evidence is a standalone DEMS, however; it is intrinsically connected with Axon solutions such as body-worn and in-car cameras and interview room. Axon Evidence acts as the data repository, configuration, and management interface of these connected solutions. Axon supports bundling these solutions together with Axon Evidence licences, if desired.
Cloud deployment model
Community cloud
Service constraints
The only requirement for accessing Evidence.com is a modern web browser and internet connection. Connected & associated mobile software applications require current iOS or Android software.
System requirements
  • A modern web browser (supported browsers listed in service description)
  • Licence for application in accordance with provided service definition
  • Additional Add-On Features included in licences for access to them

User support

Email or online ticketing support
Email or online ticketing
Support response times
Response times vary based on the severity of the ticket.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
No
Onsite support
Onsite support
Support levels
Axon provides a support guarantee in the form of a Service Level Agreement. This is a contractual commitment to customers in terms of application uptime (99.99%) and customer service response and resolution times. To prioritise support, Axon categorises issues into severity levels. Severity 1: Business critical function is down, Material impact to Customer's business, no workaround exists. Severity 2: Business critical function is impaired or degraded, there are time sensitive issues that materially impact ongoing production, Workaround exists, but it is only temporary. Severity 3: Non-critical function down or impaired, does not have significant current production impact, performance is degraded. Please see https://www.axon.com/axon-evidence-sla for details.

Axon provides a dedicated Account Manager (AM) with technical experience and access to systems engineers and other technical resources if needed. The AM is a post-deployment resource that will have comprehensive knowledge of the customer’s solution including all customisations. They are available for high level support and will serve as a liaison voicing customer feedback and comments to the Axon product teams. Using that feedback, we are able to adjust future developments, operations, and support strategies to ensure your ongoing satisfaction.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
A typical implementation will include interactive Train the Trainer sessions onsite. During initial project scoping a training workshop will take place that will allow Axon to create a custom training plan tailored to the customer’s desired use of the system. Training courses can be customised so users receive personalised training for their role. Axon will provide all system manuals, quick start guides, and training documents to the customer to use at their convenience for other training needs.

Additionally, Axon developed a platform available for training and refresher courses. Axon Academy is a comprehensive learning management system that brings together our product resources and our industry expertise to provide robust training and refresher resources. This ensures officers continue to operate the system confidently, and understand new functionality when available to incorporate them into your workflow to best improve your operations. Axon Academy provides e-learning modules, virtual training courses, and certification courses. These vary in length and include self-learning resources so users can go at their own pace.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
Customers own their own data at all times, so data can be extracted at any point. This process can be facilitated in a number of ways including the bulk export feature native to the application. The simplest method for data/metadata migration is via system APIs.

Axon’s API manual will be made available upon request, which details steps for developers to follow for this contingency. Migration is secure and can be validated with the cryptographic hash applied to all assets stored in Axon Evidence ensuring there is no loss or corruption of data. Data is available for up to ninety (90) days to support migration to a new location. After this 90-day period or upon notification from customer, Axon will delete all customer content stored on Axon Evidence services. This deletion occurs on all media in which customer content is stored.
End-of-contract process
At the end of the contract an exit plan will commence. Axon’s support teams that are generally available to the customer will be available to support post-termination data retrieval including providing Axon’s API manual and support in use of the application’s native export tools at no additional cost. Additional support for migration such as Axon’s Data Migration Services, can be provided for an additional cost as described in the pricing sheet.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Axon Evidence is browser based, so it operates with the behaviour of the device running the browser. The application incorporates various web development styles to ensure all key information is visible logically regardless of the device used to access it.
Service interface
Yes
Description of service interface
User access to Axon Evidence is through a web interface accessed via standard web browsers. Axon products including Axon Cameras, mobile applications, desktop applications, and TASER interface with Axon Evidence over a standardised set of service APIs.
Accessibility standards
WCAG 2.1 AA or EN 301 549
Accessibility testing
Axon has created the Axon Evidence Accessibility Conformance Report for the purpose of assessing Axon Evidence compliance with Web Content Accessibility Guidelines (WCAG). Axon's report covers the degree of conformance for WCAG 2.0 and U.S. Section 508 Standards. The report is available at https://www.axon.com/compliance
API
Yes
What users can and can't do using the API
The Axon Evidence Partner API is a toolkit of RESTful resources that provide programmatic read/write access to various endpoints. Axon Evidence API manual will be made available upon request, which details steps to develop an API client for an existing system. Additionally, Axon can provide professional services for the development of an API client allowing customers to set up integrations between their various systems and Axon Evidence. Depending on the nature and extent of the integration, Axon can set limitations and a change management plan for any changes that will be documented in a scope of work beforehand.
API documentation
Yes
API documentation formats
PDF
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
Axon Evidence is highly customisable to the needs and desired use of customers. Administrators have a dedicated interface where they can access administrative controls including configurations. Administrative controls are broken into sections: users, agency, devices, and security. All components of system access to content and features are configurable at a granular level in the form of role-based access control.

Organisations can create user roles and groups within the application, or integrate with their Active Directory enabling single sign on. It also supports automatic user provisioning via the System for Cross-domain Identity Management (SCIM) protocol for Azure Active Directory users. The application supports the creation of custom metadata fields to annotate and search digital assets, security settings such as password management and IP restrictions can all be customised all from the application’s interface. The Axon ecosystem supports connected hardware (TASERs, body cameras, in-car cameras, interview room solutions, etc.) that can all be connected to and configured from the application. The ability to configure or customise these components is a user right within the application, so customers can dictate who can customise.

Scaling

Independence of resources
Axon Evidence was designed and is operated to run as a multi-tenant hyper scalable cloud environment. Site reliability teams monitor system capacity and utilization to ensure users are not affected by the demand of others. The service is designed to quickly scale to meet increased utilization.

Analytics

Service usage metrics
Yes
Metrics types
Axon Evidence can display metrics on system usage by user, group, volume of data, data type (format), licences, types of information (organised by customisable metadata fields), device information (when connected with TASERs or Axon camera solutions). Axon Evidence provides dashboards, native reports, search result exports, and audit trails to detail system usage metrics.

Also, with Axon Performance - Police Forces can have reporting that proactively informs supervisors of officers in need - information that is always up to date in near-real time, enabling proactive & immediate responses.
Reporting types
  • API access
  • Real-time dashboards
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
  • Other
Other data at rest protection approach
Evidence data at rest is protected with 256-bit AES encryption, multiple layers of redundancy, and stored in a geographically separate datacentre. Axon also has finely tuned web application firewalls, we leverage security intelligence tools for continuous monitoring, and deploy layers of defence to detect and react to any malicious activity. In addition to annual 'IT Health Check' performed by a CHECK service provider, Axon's security team oversees frequent vulnerability scans and penetration tests performed by experts and vetted third-party security firms. Regular updates and patches and pushed seamlessly ensuring data is safeguarded to the highest security standards.
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Customers own their own data, so data can be extracted at any point. This process can be facilitated in several ways including the bulk export feature native to the application. This is managed through the application’s interface and is subject to the roles and permissions configured by the customer. The simplest method for mass data/metadata migration is via system APIs. Axon’s API manual will be made available upon request, which details steps for developers to follow. Migration is secure and can be validated with the cryptographic hash applied to all assets stored in Axon Evidence.
Data export formats
  • CSV
  • Other
Other data export formats
Data is exported in its original format
Data import formats
  • CSV
  • Other
Other data import formats
All standard data formats

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Other
Other protection between networks
Data Encryption in Transit:

- FIPS 140-2 validated: Axon Cryptographic Module (cert #2878)
- TLS 1.2 implementation with 256-bit connection, RSA 2048 bit key, Perfect Forward Secrecy
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Other
Other protection within supplier network
The internal network is segmented into subnets, which are designed and configured to only allow for traffic for required services.

Availability and resilience

Guaranteed availability
Axon is committed to making Axon Evidence available at least 99.99% of the time, with different tiers of service credits offered in relation to the uptime percentage achieved. For more information on our service level commitments, please see https://www.axon.com/axon-evidence-sla.
Approach to resilience
Axon Evidence leverages infrastructure as a service (IaaS) cloud providers and additional layers of resiliency and redundancy measures on top of these services to provide application resiliency including geographic, connectivity, hardware, and data failover.
Outage reporting
Axon Evidence is monitored by a dedicated site reliability team to identify outages or degradation to services. If a significant outage occurs, Axon will initiate an email to system administrators in affected regions. Email updates will be provided through outage resolution.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
Other user authentication
As an additional level of authentication, customers can specify IP addresses and ranges of IP addresses authorised to access their Axon Evidence tenant. Axon Evidence supports this functionality through the application interface simplifying management and allowing customers to adjust these as necessary. With IP restrictions enabled, customers are still required to authenticate using credentials.
Access restrictions in management interfaces and support channels
Access to assets and functions is granularly defined at the role level by customers. The system has a dynamic interface, so users will only see the functions they have access to. For example, a user without Administrator permissions, will not see the “Admin” tab. When searching for assets, users can view only limited text fields of files they do not have access to. This enables a “request access” feature controlling duration and what the user can do with the asset.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
Description of management access authentication
As an additional level of authentication, customers can specify IP addresses and ranges of IP addresses authorised to their Axon Evidence tenant.

Axon Evidence supports this functionality through the application interface simplifying management and allowing customers to adjust these as necessary. With IP restrictions enabled, customers are still required to authenticate using credentials.

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
EY CertifyPoint
ISO/IEC 27001 accreditation date
20/11/2015
What the ISO/IEC 27001 doesn’t cover
To review certification and scoping, please see https://www.axon.com/compliance
ISO 28000:2007 certification
No
CSA STAR certification
Yes
CSA STAR accreditation date
20/12/2017
CSA STAR certification level
Level 2: CSA STAR Attestation
What the CSA STAR doesn’t cover
To review certification and scoping, please see https://www.axon.com/compliance
PCI certification
No
Other security certifications
Yes
Any other security certifications
  • ISO/IEC 27018:2014 Certified
  • Cyber Essentials Certified
  • AICPA SOC 2 Type II reporting

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
  • CSA CCM version 3.0
  • ISO/IEC 27001
  • Other
Other security governance standards
-ISO/IEC 27001:2013 Certified

-ISO/IEC 27018:2014 Certified

-CSA STAR Attestation

-UK Cloud Security Principles

-Cyber Essentials Certified

-AICPA SOC 2 Type 2 reporting

We are continually building our compliance and trust program, please see our website for a comprehensive list: https://www.axon.com/compliance
Information security policies and processes
Axon has a dedicated Information Security department, lead at the executive level by our Chief Information Security Officer (CISO). A team of security analysts, engineers, and compliance specialists maintain our information security policies, programs and processes to ensure the ongoing effectiveness and improvement of Axon's Information Security Management System (ISMS).

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
Axon maintains configuration and change management procedures to ensure all changes to the Axon Evidence service are carried out in a planned, well-documented, repeatable, and authorised manner for the application and its supporting infrastructure.

Procedures are implemented to define the development and lifecycle of products and to ensure all changes adhere to the Axon policies and procedures. Development of new features, products and major changes to Axon Evidence follow a Secure System Development lifecycle. Axon Change Management Procedures are implemented which outline change authorization processes including ISO 9001 compliant Quality Assurance (QA) testing and approval requirements.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Axon conducts regular vulnerability assessments to improve Axon Evidence and Axon security controls and processes. Identification programs for Axon Evidence include frequent vulnerability scans and penetration tests performed by highly specialised teams and vetted by third-party security firms, including an annual IT Health Check. All identified vulnerabilities are evaluated by the Axon Information Security team, assigned risk and remediation time frames, and tracked through remediation. Axon also maintains a system patching policy, which establishes requirements for timely patching of software. Threats are identified and managed by a dedicated Axon security operations team.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Axon has deployed protective monitoring that adheres to National Cyber Security Centre (NCSC) guidance for security monitoring. Axon leverages a suite of technologies to collect, aggregate, monitor and analyse security logs and track the ongoing effectiveness of protective security measures.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Axon has deployed incident management processes that include multi-step incident response procedures and instructions for incident notification. Steps include incident identification, containment, eradication, recovery and post incident analysis.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
Yes
Connected networks
Public Services Network (PSN)

Pricing

Price
£50 to £365 a licence a year
Discount for educational organisations
No
Free trial available
Yes
Description of free trial
We can create a dedicated demo account with full functionality. We offer bespoke trial scopes and periods depending on your organisation's needs.
Link to free trial
Please contact maclarke@axon.com

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenders@axon.com. Tell them what format you need. It will help if you say what assistive technology you use.