Calla Technology Limited

Calla Account on the Cloud

Calla Cloud lets you safely store videos in your online account. Only you can access these videos by logging into your Calla account. Calla Cloud features enable you to manage and share videos securely, without worrying about storage.


  • Upload and manage video files
  • Share video files securely with colleagues or external partners
  • Take clippings and snapshot of video footage
  • Auto uploader as a service; direct upload to cloud
  • Secure audit trail
  • Automated redaction
  • Active directory integration
  • Custom user roles, permissions and retention policies
  • Access your Calla Cloud account securely anywhere using any device
  • Sophisticated reporting tools to aid evidence management


  • Seamlessly and securely share video online with teams/externally
  • Simple and easy to use, automated redaction overcomes privacy concerns
  • Manage data protection requirements with tamper proof audit trail
  • Easily set up users and control permissions
  • Scalable and cost-effective Cloud storage solutions
  • Automatic access to feature updates
  • Directly upload files to your Calla account
  • Advanced search features to find files easily
  • Intuitive playback controls to review video
  • Categorise files, add tags and notes to aid video management


£15 to £89 per licence per month

  • Education pricing available
  • Free trial available

Service documents


G-Cloud 11

Service ID

1 8 2 8 6 9 0 0 5 9 0 9 5 3 6


Calla Technology Limited

Ellie Surey

0800 689 1619

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Public cloud
Service constraints No major constraints.
System requirements
  • Internet connectivity
  • Internet browser (Chrome, IE or Edge)

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Limited response at weekends.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 9 to 5 (UK time), 7 days a week
Web chat support Web chat
Web chat support availability 9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard None or don’t know
How the web chat support is accessible Directly via Calla website.
Web chat accessibility testing None to date.
Onsite support Yes, at extra cost
Support levels In addition to our standard support service 9 to 5 (UK time), Monday to Friday, enhanced SLAs and 24x7 support services are available for additional charges.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started We provide onsite training supported with user documentation.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction We have an export utility which allows customers to export their digital evidence files and associated metadata in industry standard format.
End-of-contract process Customers will be provided with an option to extend or renew their contract no later than 90 days before the end date. If they elect not to do so, customers are free to download and export their data at any point before the end of the contract. In addition, upon request, Calla will continue to store a customer's data for a period of up to 90 days following the end of the contract. During this period, the customer will be provided with access to the Cloud service in order to download or export the customer's data. Following this period, Calla will promptly delete any remaining customer data and, upon request, provide the customer with written confirmation that the customer data has been deleted. Calla reserves the right to charge the customer reasonable fees for (a) storing, downloading or exporting the customer data during the period requested by customer and (b) for any assistance provided by Calla in the downloading or exporting of the customer data

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Chrome
Application to install Yes
Compatible operating systems
  • Android
  • Windows
Designed for use on mobile devices Yes
Differences between the mobile and desktop service The Calla Account operates on desktop and mobile devices.
Service interface Yes
Description of service interface Our application uses a modern Web UI that is easily accessible.
Accessibility standards None or don’t know
Description of accessibility Calla endeavours to ensure that access to our Cloud services is secure and usable.
Accessibility testing None to date.
What users can and can't do using the API APIs are used by Calla to communicate between the different applications, database and storage.
Access and documentation to the API’s is available on a case by case basis determined by Calla.
Users make changes through the API in accordance with the documentation.
API documentation Yes
API documentation formats PDF
API sandbox or test environment Yes
Customisation available No


Independence of resources Each customer is provided with its own virtual server.


Service usage metrics Yes
Metrics types Calla Account provides reports on usage patterns.
Reporting types
  • Regular reports
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Supplier-defined controls
Penetration testing frequency At least once a year
Penetration testing approach ‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach We allow customers to download all the data they have stored in the Cloud.
Data export formats Other
Other data export formats
  • All uploaded digital evidence in original formats
  • XML
Data import formats Other
Other data import formats
  • Comprehensive list of digital formats supported for upload.
  • XML

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability We use commercially reasonable efforts to ensure a minimum 99.9% service offering.
Approach to resilience Evidential data in your storage account is always replicated to ensure durability and high availability. Locally redundant storage (LRS) is offered as standard and Geo-redundant storage (GRS) is available at additional cost.
Outage reporting E-mail alerts are sent to system administrators when service outages are identified.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels Access to the Cloud environment, data and applications is managed by federating user identities to Active Directory or any standard federation and enabling Azure Multi-Factor authentication for more secure sign-in. Additional users are managed by each customer’s IT Administrator via Active Directory. Calla can use any Active Directory Federation Service (ADFS) if the customer does not have Azure Active Directory.
Access restriction testing frequency Less than once a year
Management access authentication
  • 2-factor authentication
  • Dedicated link (for example VPN)

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 British Assessment Bureau
ISO/IEC 27001 accreditation date 8th July 2018
What the ISO/IEC 27001 doesn’t cover Not applicable.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications Police-Approved Secure Facility (PASF)

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes We have an Information Security Policy that is compliant with the requirements of ISO 27001. We have an Information Security Officer who implements this policy and an Internal Compliance Officer who ensure compliance to the policy. Incidents of non-compliance are escalated to a Board representative.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Our processes for configuration and change management comply with ISO 27001.
Vulnerability management type Supplier-defined controls
Vulnerability management approach We carry out regular penetration testing using independent and qualified third parties. Patches are deployed in a timescale that reflects the severity of the threat/vulnerability.
Protective monitoring type Supplier-defined controls
Protective monitoring approach We use a range of methods to detect potential compromises. The response procedure and timing reflect the nature of the compromise.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach Customers can log incidents via our online fault report form or email (24/7) or via phone (during office business hours). • All cases are managed by our in house support desk and recorded on our incident tracking tool. • All open cases are monitored against pre-defined SLA’s. • The support desk issue service reports to customers either upon request (for small accounts) or pre-agreed intervals (usually either monthly or quarterly) for larger accounts • Service review meetings are chaired by a Calla Service Delivery Manager and are part of our service offering.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks No


Price £15 to £89 per licence per month
Discount for educational organisations Yes
Free trial available Yes
Description of free trial Free trials available subject to scoping.

Service documents

Return to top ↑