Blue Lights Digital

Blue Lights Evolve - Workflow enabled digital Knowledge Solution

A mobile learning and operational reference solution delivering interactive, immersive multimedia digital training courses and resources.

Accredited continual professional development (CPD) for smartphone, tablets and the web enabling access to knowledge, procedures, policy and intelligence.

Scalable learning management system with RBAC admin rights, content design and publication and business insights.


  • Synchronised web and mobile access with Open Source EDX Framework
  • Identity Access Management (IAM) and Role Based Access Controls (RBAC)
  • Offline, local application content available across iOS, Android and Windows
  • Full interactive, automated, visualised, educational workflows with real time reporting
  • Online Leaning and courses with Continual Professional Development (CPD) accreditation
  • Scalable Learning Management System, either self-managed or managed service
  • Live Chat with SMEs, discussion and interactive user-focused features
  • Visual guides delivering legislation, standards, policy, guidance and workflow advice
  • Collaborative integration and design service available for new/updated content
  • COTS subscription content for cyber crime, digital investigation, cryptocurrency, drones


  • Enhance adoption and availability of policies and procedures across staff
  • Access to internal and external support teams and SMEs
  • Publish user-focused content, presentations and scenario driven educational resources
  • Deliver training, learning, professional development and policy through one application
  • Review progress on content completion and provides knowledge check function
  • Versatile learning management system providing per organisation and user insights
  • Secure platform via HTTPS SSL/TLS or dedicated mobile application
  • Achieve business insights through automated reporting and dashboard system
  • Control content deployment to individual users or groups through RBAC
  • Flexible pricing including Enterprise, PAYG or per user options


£5.000 per instance per month

  • Free trial available

Service documents


G-Cloud 11

Service ID

1 6 4 7 9 5 8 9 6 3 7 6 1 5 7


Blue Lights Digital

Matt Service


Service scope

Software add-on or extension
Cloud deployment model
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
Service constraints
Available on mobile across iOS, Android and Windows 10. No support for legacy Windows Mobile prior to Windows 8.1

The Evolve platform is routinely tested and verified on the current version and the previous version of each of these browsers. We generally encourage the use of, and fully support the latest version:
Microsoft Edge and Microsoft Internet Explorer 11
System requirements
  • If mobile deployment: devices with ability to distribute enterprise applications
  • If desktop deployment: current version of Explorer, Edge, Chrome, Firefox

User support

Email or online ticketing support
Email or online ticketing
Support response times
Toolset is Fresh Service
SLA's available are 1 hr - 8hr - next business day response.
We have dedicated e-mail and chat channels available 24/7
- Service options include 24/7 human support available Service Desk or remote.
- Mon - Fri 9-5 Service Desk or remote support
- Automated bot support available on chat channels only
User can manage status and priority of support tickets
Online ticketing support accessibility
None or don’t know
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Yes, at an extra cost
Web chat support availability
24 hours, 7 days a week
Web chat support accessibility standard
None or don’t know
How the web chat support is accessible
Web chat is presented as intercom session within the Web Service or in App.
Web chat accessibility testing
None. Please ask if this is required and we will assist.
Onsite support
Yes, at extra cost
Support levels
Support is on a reasonable endeavour basis and is included in our pricing. Dedicated 'operational' support can be provided under our standard day rates for an investigating officer.

Technical developers can be provided to assist with data modelling, Data integration, Data Parsing, Data migration, API build, software integration, Network integration and automation under our standard day rates.
Support available to third parties

Onboarding and offboarding

Getting started
Onboarding for end users is provided from the Evolve system itself with an integrated welcome, solution tour and on boarding feature on first launch.

The UI and UX are designed for self provisioning. Content is navigated by breadcrumbs and visual pointers. The app has been UX tested for systems usability.

With all versions of Evolve the live chat support team are available to assist in system support and user issues.

On site training is provided for publishers and administrators in line with deployment preferences. Training can be provided in design, build and operation of Evolve content and reporting on organisation, group or individual user progress and performance.
Service documentation
Documentation formats
End-of-contract data extraction
Data is controlled by assigned data Czars who have overall rights over content and data within the system. Data Czar can be assigned as overall system administrators or with responsibility for individual content or data based upon RBAC. A data Czar can be the client, an appointed 3rd party or as a managed service.

Data Czars can publish, share, collaborate or delete data throughout the duration of the contract or on contract completion.

On content completion, any content contributed by the client or licensed by 3rd party individuals, companies and associates for use within the system remains the intellectual property of the client or third party and will be deleted by Blue Lights Digital.

Any content contributed and licensed by BLUE LIGHTS DIGITAL remains their intellectual property and the licence will cease removing access to users.
End-of-contract process
At the end of contract, unless extended the system subscription will lapse and no further updates will be provided to the platform or user accounts.

Access to the mobile apps and web service will be denied to frontend users.

Access will be retained for administrators and Data Czars for a period of 30 days at which point data will be deleted, unless otherwise stipulated or requested.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
Bespoke mobile app designed for Evolve across iOS, Android and Windows 10 devices.

Access to content on mobile app is additionally available offline with content retained to be accessed on device without Wi-Fi or mobile data access.
Service interface
Customisation available
Description of customisation
Application features and functionality customisable on deployment based upon individual client preferences.

Content and workflows are updatable through RBAC portal by Web Services only with Identity Access Management applied.

Customer managed content can be updated and published to web and mobile users.

Live chat can be routed to internal or external subject matter experts as defined by the client during onboarding.


Independence of resources
Implemented load balancing. Clients can be allocated reserved instances for on demand scaling.

Live chat responses in application are on a best endeavours basis with a team scaled to meet peak interaction times.


Service usage metrics
Metrics types
Service usage metrics are available as standard or can be bespoke per deployment according to individual organisational requirements.

Metrics available include
- Transaction and usage by organisation
- Transaction and usage by individual account
- Usage of individual content blocks
- Usage separated between mobile and web access
Reporting types
  • Regular reports
  • Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Data that is exported directly from Evolve by an administrator or Data Czar is automated in a .csv format.

Blue Lights Digital can, on behalf of the client on request, extract and send data to the client in any standardised format of their choosing.
Data export formats
Data import formats

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
Availability of less than 99.95% but equal to or greater than 99.0% is guaranteed by a 10% service credit for failure to meet SLA.

Availability less than 99.0% is guaranteed by a 30% service credit for failure to meet SLA.
Approach to resilience
We utilise elastic load balancing, computing clusters, autoscaling and cloud flaring (DNS obfuscation) to add resilience to our cloud environments.
Outage reporting
Evolve has an integrated Service Page automated update to users of the platform which provides critical information and reduces inbound conversation volume for the support team by proactively surfacing critical outage information in the Evolve home screen.

Customers can then subscribe to updates (via email or live chat) directly to be alerted of any changes.

Identity and authentication

User authentication needed
User authentication
  • 2-factor authentication
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels
Access to the Evolve system is limited by leading Identity Access Management or alternatively username and password, supported by Two Factor Authentication.

RBAC controls ensure content is limited to deployment per account, group or organisation.

RBAC controlled administrative accounts restricting access to support channels, administrative functions, management reporting interfaces and content design and publication.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Username or password
  • Other
Description of management access authentication
IP Whitelisting.

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
How long system logs are stored for

Standards and certifications

ISO/IEC 27001 certification
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications
Any other security certifications
Cyber Essentials

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance approach
Through Cyber Essentials and NCSC cloud principles.
Information security policies and processes
We use a shared responsibility model between customers and Blue Lights Digital. We operate, manage, and control the components at the operating system layer down to the physical security of the servers in which the services are provided (including updates and security patches), other associated application software, as well as the configuration of firewalls. ,

It is possible to enhance security and/or meet more stringent compliance requirements by leveraging technology such as host-based firewalls, host-based intrusion detection/ prevention, and encryption which can be requested by our clients at additional charges.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Any changes to our systems are first managed by impact and risk assessment. Any changes to architecture, software or network access is tested within a development environment before release to production. A production snapshot is available for roll back.

Security assessment is managed through in house pentesting an testing procedures. CHECK and CREST accredited pen testing is subject to additional charges.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
As part of our Cyber Essentials programme we practice identifying, classifying, remediating, and mitigating vulnerabilities.

We use vulnerability scanners to identify known vulnerabilities, such as open ports, insecure software configuration, and susceptibility to malware. For unknown vulnerabilities, such as a zero-day attacks we relay on updates to our vulnerability scanners such as OWASP ZAP. Vulnerability testing is also part of our test automation processes.

Correcting vulnerabilities involves the installation of a patch, a change in network security policy, reconfiguration of software, or educating users about social engineering.

We are active members of OWASP and CISP.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
We license SiteLock TrueCode Static Application Security Testing (SAST) for source code analysis. Also known as "white-box" testing, TrueCode finds common vulnerabilities by analysing 100% of the source code in our applications without actually executing them, and adds critical layer of security by protecting our web applications.

Our SAST is automated to send alerts if a breach or malware is detected.
Incident management type
Supplier-defined controls
Incident management approach
The activities within our incident management process include:
Incident detection and recording
Classification and initial support based upon known errors and new events
Investigation and analysis
Resolution and record
Incident ownership, monitoring, tracking and communication

We report on incidents with a full disclosure policy to ensure any impact can be contained and a resolution is satisfactory to the end user.

Incident reports are provided by live chat or email to the end user depending on individual user preference.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
Connected networks
  • Public Services Network (PSN)
  • Police National Network (PNN)


£5.000 per instance per month
Discount for educational organisations
Free trial available
Description of free trial
Evolve as a platform is provided free from Blue Lights Digital to UK Government departments.

We will provide a 30 day free trial and supporting hardware to access both mobile and web application versions.

Access is limited to selected COTS content and not full system access.

Service documents

Return to top ↑