Blue Lights Digital

Blue Lights Evolve - Workflow enabled digital Knowledge Solution

A mobile learning and operational reference solution delivering interactive, immersive multimedia digital training courses and resources.

Accredited continual professional development (CPD) for smartphone, tablets and the web enabling access to knowledge, procedures, policy and intelligence.

Scalable learning management system with RBAC admin rights, content design and publication and business insights.

Features

  • Synchronised web and mobile access with Open Source EDX Framework
  • Identity Access Management (IAM) and Role Based Access Controls (RBAC)
  • Offline, local application content available across iOS, Android and Windows
  • Full interactive, automated, visualised, educational workflows with real time reporting
  • Online Leaning and courses with Continual Professional Development (CPD) accreditation
  • Scalable Learning Management System, either self-managed or managed service
  • Live Chat with SMEs, discussion and interactive user-focused features
  • Visual guides delivering legislation, standards, policy, guidance and workflow advice
  • Collaborative integration and design service available for new/updated content
  • COTS subscription content for cyber crime, digital investigation, cryptocurrency, drones

Benefits

  • Enhance adoption and availability of policies and procedures across staff
  • Access to internal and external support teams and SMEs
  • Publish user-focused content, presentations and scenario driven educational resources
  • Deliver training, learning, professional development and policy through one application
  • Review progress on content completion and provides knowledge check function
  • Versatile learning management system providing per organisation and user insights
  • Secure platform via HTTPS SSL/TLS or dedicated mobile application
  • Achieve business insights through automated reporting and dashboard system
  • Control content deployment to individual users or groups through RBAC
  • Flexible pricing including Enterprise, PAYG or per user options

Pricing

£5.000 per instance per month

  • Free trial available

Service documents

G-Cloud 11

164795896376157

Blue Lights Digital

Matt Service

01223919607

matt@bluelightsdigital.com

Service scope

Service scope
Software add-on or extension No
Cloud deployment model
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
Service constraints Available on mobile across iOS, Android and Windows 10. No support for legacy Windows Mobile prior to Windows 8.1

The Evolve platform is routinely tested and verified on the current version and the previous version of each of these browsers. We generally encourage the use of, and fully support the latest version:
Chrome
Safari
Firefox
Microsoft Edge and Microsoft Internet Explorer 11
System requirements
  • If mobile deployment: devices with ability to distribute enterprise applications
  • If desktop deployment: current version of Explorer, Edge, Chrome, Firefox

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Toolset is Fresh Service
SLA's available are 1 hr - 8hr - next business day response.
We have dedicated e-mail and chat channels available 24/7
- Service options include 24/7 human support available Service Desk or remote.
- Mon - Fri 9-5 Service Desk or remote support
- Automated bot support available on chat channels only
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support Yes, at an extra cost
Web chat support availability 24 hours, 7 days a week
Web chat support accessibility standard None or don’t know
How the web chat support is accessible Web chat is presented as intercom session within the Web Service or in App.
Web chat accessibility testing None. Please ask if this is required and we will assist.
Onsite support Yes, at extra cost
Support levels Support is on a reasonable endeavour basis and is included in our pricing. Dedicated 'operational' support can be provided under our standard day rates for an investigating officer.

Technical developers can be provided to assist with data modelling, Data integration, Data Parsing, Data migration, API build, software integration, Network integration and automation under our standard day rates.
Support available to third parties No

Onboarding and offboarding

Onboarding and offboarding
Getting started Onboarding for end users is provided from the Evolve system itself with an integrated welcome, solution tour and on boarding feature on first launch.

The UI and UX are designed for self provisioning. Content is navigated by breadcrumbs and visual pointers. The app has been UX tested for systems usability.

With all versions of Evolve the live chat support team are available to assist in system support and user issues.

On site training is provided for publishers and administrators in line with deployment preferences. Training can be provided in design, build and operation of Evolve content and reporting on organisation, group or individual user progress and performance.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction Data is controlled by assigned data Czars who have overall rights over content and data within the system. Data Czar can be assigned as overall system administrators or with responsibility for individual content or data based upon RBAC. A data Czar can be the client, an appointed 3rd party or as a managed service.

Data Czars can publish, share, collaborate or delete data throughout the duration of the contract or on contract completion.

On content completion, any content contributed by the client or licensed by 3rd party individuals, companies and associates for use within the system remains the intellectual property of the client or third party and will be deleted by Blue Lights Digital.

Any content contributed and licensed by BLUE LIGHTS DIGITAL remains their intellectual property and the licence will cease removing access to users.
End-of-contract process At the end of contract, unless extended the system subscription will lapse and no further updates will be provided to the platform or user accounts.

Access to the mobile apps and web service will be denied to frontend users.

Access will be retained for administrators and Data Czars for a period of 30 days at which point data will be deleted, unless otherwise stipulated or requested.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service Bespoke mobile app designed for Evolve across iOS, Android and Windows 10 devices.

Access to content on mobile app is additionally available offline with content retained to be accessed on device without Wi-Fi or mobile data access.
Service interface No
API No
Customisation available Yes
Description of customisation Application features and functionality customisable on deployment based upon individual client preferences.

Content and workflows are updatable through RBAC portal by Web Services only with Identity Access Management applied.

Customer managed content can be updated and published to web and mobile users.

Live chat can be routed to internal or external subject matter experts as defined by the client during onboarding.

Scaling

Scaling
Independence of resources Implemented load balancing. Clients can be allocated reserved instances for on demand scaling.

Live chat responses in application are on a best endeavours basis with a team scaled to meet peak interaction times.

Analytics

Analytics
Service usage metrics Yes
Metrics types Service usage metrics are available as standard or can be bespoke per deployment according to individual organisational requirements.

Metrics available include
- Transaction and usage by organisation
- Transaction and usage by individual account
- Usage of individual content blocks
- Usage separated between mobile and web access
Reporting types
  • Regular reports
  • Reports on request

Resellers

Resellers
Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Data that is exported directly from Evolve by an administrator or Data Czar is automated in a .csv format.

Blue Lights Digital can, on behalf of the client on request, extract and send data to the client in any standardised format of their choosing.
Data export formats CSV
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Availability and resilience
Guaranteed availability Availability of less than 99.95% but equal to or greater than 99.0% is guaranteed by a 10% service credit for failure to meet SLA.

Availability less than 99.0% is guaranteed by a 30% service credit for failure to meet SLA.
Approach to resilience We utilise elastic load balancing, computing clusters, autoscaling and cloud flaring (DNS obfuscation) to add resilience to our cloud environments.
Outage reporting Evolve has an integrated Service Page automated update to users of the platform which provides critical information and reduces inbound conversation volume for the support team by proactively surfacing critical outage information in the Evolve home screen.

Customers can then subscribe to updates (via email or live chat) directly to be alerted of any changes.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels Access to the Evolve system is limited by leading Identity Access Management or alternatively username and password, supported by Two Factor Authentication.

RBAC controls ensure content is limited to deployment per account, group or organisation.

RBAC controlled administrative accounts restricting access to support channels, administrative functions, management reporting interfaces and content design and publication.
Access restriction testing frequency At least once a year
Management access authentication
  • 2-factor authentication
  • Username or password
  • Other
Description of management access authentication IP Whitelisting.

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications Cyber Essentials

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach Through Cyber Essentials and NCSC cloud principles.
Information security policies and processes We use a shared responsibility model between customers and Blue Lights Digital. We operate, manage, and control the components at the operating system layer down to the physical security of the servers in which the services are provided (including updates and security patches), other associated application software, as well as the configuration of firewalls. ,

It is possible to enhance security and/or meet more stringent compliance requirements by leveraging technology such as host-based firewalls, host-based intrusion detection/ prevention, and encryption which can be requested by our clients at additional charges.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Any changes to our systems are first managed by impact and risk assessment. Any changes to architecture, software or network access is tested within a development environment before release to production. A production snapshot is available for roll back.

Security assessment is managed through in house pentesting an testing procedures. CHECK and CREST accredited pen testing is subject to additional charges.
Vulnerability management type Supplier-defined controls
Vulnerability management approach As part of our Cyber Essentials programme we practice identifying, classifying, remediating, and mitigating vulnerabilities.

We use vulnerability scanners to identify known vulnerabilities, such as open ports, insecure software configuration, and susceptibility to malware. For unknown vulnerabilities, such as a zero-day attacks we relay on updates to our vulnerability scanners such as OWASP ZAP. Vulnerability testing is also part of our test automation processes.

Correcting vulnerabilities involves the installation of a patch, a change in network security policy, reconfiguration of software, or educating users about social engineering.

We are active members of OWASP and CISP.
Protective monitoring type Supplier-defined controls
Protective monitoring approach We license SiteLock TrueCode Static Application Security Testing (SAST) for source code analysis. Also known as "white-box" testing, TrueCode finds common vulnerabilities by analysing 100% of the source code in our applications without actually executing them, and adds critical layer of security by protecting our web applications.

Our SAST is automated to send alerts if a breach or malware is detected.
Incident management type Supplier-defined controls
Incident management approach The activities within our incident management process include:
Incident detection and recording
Classification and initial support based upon known errors and new events
Investigation and analysis
Resolution and record
Incident ownership, monitoring, tracking and communication

We report on incidents with a full disclosure policy to ensure any impact can be contained and a resolution is satisfactory to the end user.

Incident reports are provided by live chat or email to the end user depending on individual user preference.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks Yes
Connected networks
  • Public Services Network (PSN)
  • Police National Network (PNN)

Pricing

Pricing
Price £5.000 per instance per month
Discount for educational organisations No
Free trial available Yes
Description of free trial Evolve as a platform is provided free from Blue Lights Digital to UK Government departments.

We will provide a 30 day free trial and supporting hardware to access both mobile and web application versions.

Access is limited to selected COTS content and not full system access.

Service documents

pdf document: Pricing document pdf document: Skills Framework for the Information Age rate card pdf document: Terms and conditions
Service documents
Return to top ↑