Blue Lights Evolve - Workflow enabled digital Knowledge Solution
A mobile learning and operational reference solution delivering interactive, immersive multimedia digital training courses and resources.
Accredited continual professional development (CPD) for smartphone, tablets and the web enabling access to knowledge, procedures, policy and intelligence.
Scalable learning management system with RBAC admin rights, content design and publication and business insights.
- Synchronised web and mobile access with Open Source EDX Framework
- Identity Access Management (IAM) and Role Based Access Controls (RBAC)
- Offline, local application content available across iOS, Android and Windows
- Full interactive, automated, visualised, educational workflows with real time reporting
- Online Leaning and courses with Continual Professional Development (CPD) accreditation
- Scalable Learning Management System, either self-managed or managed service
- Live Chat with SMEs, discussion and interactive user-focused features
- Visual guides delivering legislation, standards, policy, guidance and workflow advice
- Collaborative integration and design service available for new/updated content
- COTS subscription content for cyber crime, digital investigation, cryptocurrency, drones
- Enhance adoption and availability of policies and procedures across staff
- Access to internal and external support teams and SMEs
- Publish user-focused content, presentations and scenario driven educational resources
- Deliver training, learning, professional development and policy through one application
- Review progress on content completion and provides knowledge check function
- Versatile learning management system providing per organisation and user insights
- Secure platform via HTTPS SSL/TLS or dedicated mobile application
- Achieve business insights through automated reporting and dashboard system
- Control content deployment to individual users or groups through RBAC
- Flexible pricing including Enterprise, PAYG or per user options
£5.000 per instance per month
- Free trial available
Blue Lights Digital
|Software add-on or extension||No|
|Cloud deployment model||
Available on mobile across iOS, Android and Windows 10. No support for legacy Windows Mobile prior to Windows 8.1
The Evolve platform is routinely tested and verified on the current version and the previous version of each of these browsers. We generally encourage the use of, and fully support the latest version:
Microsoft Edge and Microsoft Internet Explorer 11
|Email or online ticketing support||Email or online ticketing|
|Support response times||
Toolset is Fresh Service
SLA's available are 1 hr - 8hr - next business day response.
We have dedicated e-mail and chat channels available 24/7
- Service options include 24/7 human support available Service Desk or remote.
- Mon - Fri 9-5 Service Desk or remote support
- Automated bot support available on chat channels only
|User can manage status and priority of support tickets||Yes|
|Online ticketing support accessibility||None or don’t know|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||Yes, at an extra cost|
|Web chat support availability||24 hours, 7 days a week|
|Web chat support accessibility standard||None or don’t know|
|How the web chat support is accessible||Web chat is presented as intercom session within the Web Service or in App.|
|Web chat accessibility testing||None. Please ask if this is required and we will assist.|
|Onsite support||Yes, at extra cost|
Support is on a reasonable endeavour basis and is included in our pricing. Dedicated 'operational' support can be provided under our standard day rates for an investigating officer.
Technical developers can be provided to assist with data modelling, Data integration, Data Parsing, Data migration, API build, software integration, Network integration and automation under our standard day rates.
|Support available to third parties||No|
Onboarding and offboarding
Onboarding for end users is provided from the Evolve system itself with an integrated welcome, solution tour and on boarding feature on first launch.
The UI and UX are designed for self provisioning. Content is navigated by breadcrumbs and visual pointers. The app has been UX tested for systems usability.
With all versions of Evolve the live chat support team are available to assist in system support and user issues.
On site training is provided for publishers and administrators in line with deployment preferences. Training can be provided in design, build and operation of Evolve content and reporting on organisation, group or individual user progress and performance.
|End-of-contract data extraction||
Data is controlled by assigned data Czars who have overall rights over content and data within the system. Data Czar can be assigned as overall system administrators or with responsibility for individual content or data based upon RBAC. A data Czar can be the client, an appointed 3rd party or as a managed service.
Data Czars can publish, share, collaborate or delete data throughout the duration of the contract or on contract completion.
On content completion, any content contributed by the client or licensed by 3rd party individuals, companies and associates for use within the system remains the intellectual property of the client or third party and will be deleted by Blue Lights Digital.
Any content contributed and licensed by BLUE LIGHTS DIGITAL remains their intellectual property and the licence will cease removing access to users.
At the end of contract, unless extended the system subscription will lapse and no further updates will be provided to the platform or user accounts.
Access to the mobile apps and web service will be denied to frontend users.
Access will be retained for administrators and Data Czars for a period of 30 days at which point data will be deleted, unless otherwise stipulated or requested.
Using the service
|Web browser interface||Yes|
|Application to install||No|
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||
Bespoke mobile app designed for Evolve across iOS, Android and Windows 10 devices.
Access to content on mobile app is additionally available offline with content retained to be accessed on device without Wi-Fi or mobile data access.
|Description of customisation||
Application features and functionality customisable on deployment based upon individual client preferences.
Content and workflows are updatable through RBAC portal by Web Services only with Identity Access Management applied.
Customer managed content can be updated and published to web and mobile users.
Live chat can be routed to internal or external subject matter experts as defined by the client during onboarding.
|Independence of resources||
Implemented load balancing. Clients can be allocated reserved instances for on demand scaling.
Live chat responses in application are on a best endeavours basis with a team scaled to meet peak interaction times.
|Service usage metrics||Yes|
Service usage metrics are available as standard or can be bespoke per deployment according to individual organisational requirements.
Metrics available include
- Transaction and usage by organisation
- Transaction and usage by individual account
- Usage of individual content blocks
- Usage separated between mobile and web access
|Supplier type||Not a reseller|
|Staff security clearance||Conforms to BS7858:2012|
|Government security clearance||Up to Developed Vetting (DV)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||United Kingdom|
|User control over data storage and processing locations||Yes|
|Datacentre security standards||Complies with a recognised standard (for example CSA CCM version 3.0)|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||Another external penetration testing organisation|
|Protecting data at rest||
|Data sanitisation process||Yes|
|Data sanitisation type||
|Equipment disposal approach||Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001|
Data importing and exporting
|Data export approach||
Data that is exported directly from Evolve by an administrator or Data Czar is automated in a .csv format.
Blue Lights Digital can, on behalf of the client on request, extract and send data to the client in any standardised format of their choosing.
|Data export formats||CSV|
|Data import formats||CSV|
|Data protection between buyer and supplier networks||
|Data protection within supplier network||
Availability and resilience
Availability of less than 99.95% but equal to or greater than 99.0% is guaranteed by a 10% service credit for failure to meet SLA.
Availability less than 99.0% is guaranteed by a 30% service credit for failure to meet SLA.
|Approach to resilience||We utilise elastic load balancing, computing clusters, autoscaling and cloud flaring (DNS obfuscation) to add resilience to our cloud environments.|
Evolve has an integrated Service Page automated update to users of the platform which provides critical information and reduces inbound conversation volume for the support team by proactively surfacing critical outage information in the Evolve home screen.
Customers can then subscribe to updates (via email or live chat) directly to be alerted of any changes.
Identity and authentication
|User authentication needed||Yes|
|Access restrictions in management interfaces and support channels||
Access to the Evolve system is limited by leading Identity Access Management or alternatively username and password, supported by Two Factor Authentication.
RBAC controls ensure content is limited to deployment per account, group or organisation.
RBAC controlled administrative accounts restricting access to support channels, administrative functions, management reporting interfaces and content design and publication.
|Access restriction testing frequency||At least once a year|
|Management access authentication||
|Description of management access authentication||IP Whitelisting.|
Audit information for users
|Access to user activity audit information||Users contact the support team to get audit information|
|How long user audit data is stored for||User-defined|
|Access to supplier activity audit information||Users contact the support team to get audit information|
|How long supplier audit data is stored for||User-defined|
|How long system logs are stored for||User-defined|
Standards and certifications
|ISO/IEC 27001 certification||No|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||Yes|
|Any other security certifications||Cyber Essentials|
|Named board-level person responsible for service security||Yes|
|Security governance certified||No|
|Security governance approach||Through Cyber Essentials and NCSC cloud principles.|
|Information security policies and processes||
We use a shared responsibility model between customers and Blue Lights Digital. We operate, manage, and control the components at the operating system layer down to the physical security of the servers in which the services are provided (including updates and security patches), other associated application software, as well as the configuration of firewalls. ,
It is possible to enhance security and/or meet more stringent compliance requirements by leveraging technology such as host-based firewalls, host-based intrusion detection/ prevention, and encryption which can be requested by our clients at additional charges.
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||
Any changes to our systems are first managed by impact and risk assessment. Any changes to architecture, software or network access is tested within a development environment before release to production. A production snapshot is available for roll back.
Security assessment is managed through in house pentesting an testing procedures. CHECK and CREST accredited pen testing is subject to additional charges.
|Vulnerability management type||Supplier-defined controls|
|Vulnerability management approach||
As part of our Cyber Essentials programme we practice identifying, classifying, remediating, and mitigating vulnerabilities.
We use vulnerability scanners to identify known vulnerabilities, such as open ports, insecure software configuration, and susceptibility to malware. For unknown vulnerabilities, such as a zero-day attacks we relay on updates to our vulnerability scanners such as OWASP ZAP. Vulnerability testing is also part of our test automation processes.
Correcting vulnerabilities involves the installation of a patch, a change in network security policy, reconfiguration of software, or educating users about social engineering.
We are active members of OWASP and CISP.
|Protective monitoring type||Supplier-defined controls|
|Protective monitoring approach||
We license SiteLock TrueCode Static Application Security Testing (SAST) for source code analysis. Also known as "white-box" testing, TrueCode finds common vulnerabilities by analysing 100% of the source code in our applications without actually executing them, and adds critical layer of security by protecting our web applications.
Our SAST is automated to send alerts if a breach or malware is detected.
|Incident management type||Supplier-defined controls|
|Incident management approach||
The activities within our incident management process include:
Incident detection and recording
Classification and initial support based upon known errors and new events
Investigation and analysis
Resolution and record
Incident ownership, monitoring, tracking and communication
We report on incidents with a full disclosure policy to ensure any impact can be contained and a resolution is satisfactory to the end user.
Incident reports are provided by live chat or email to the end user depending on individual user preference.
|Approach to secure software development best practice||Conforms to a recognised standard, but self-assessed|
Public sector networks
|Connection to public sector networks||Yes|
|Price||£5.000 per instance per month|
|Discount for educational organisations||No|
|Free trial available||Yes|
|Description of free trial||
Evolve as a platform is provided free from Blue Lights Digital to UK Government departments.
We will provide a 30 day free trial and supporting hardware to access both mobile and web application versions.
Access is limited to selected COTS content and not full system access.