Blue Lights Digital

Blue Lights Evolve - Digital Knowledge Solution

A mobile learning and operational reference solution delivering interactive, immersive multimedia digital training courses and resources.

Accredited continual professional development (CPD) for smartphone, tablets and the web enabling access to knowledge, procedures, policy and intelligence.

Scalable learning management system with RBAC admin rights, content design and publication and business insights.

Features

  • Synchronised web and mobile access with Open Source EDX Framework
  • Identity Access Management (IAM) and Role Based Access Controls (RBAC)
  • Offline, local application content available across iOS, Android and Windows
  • Full interactive, automated, visualised, educational workflows with real time reporting
  • Online Leaning and courses with Continual Professional Development (CPD) accreditation
  • Scalable Learning Management System, either self-managed or managed service
  • Live Chat with SMEs, discussion and interactive user-focused features
  • Visual guides delivering legislation, standards, policy, guidance and workflow advice
  • Collaborative integration and design service available for new/updated content
  • COTS subscription content for cyber crime, digital investigation, cryptocurrency, drones

Benefits

  • Enhance adoption and availability of policies and procedures across staff
  • Access to internal and external support teams and SMEs
  • Publish user-focused content, presentations and scenario driven educational resources
  • Deliver training, learning, professional development and policy through one application
  • Review progress on content completion and provides knowledge check function
  • Versatile learning management system providing per organisation and user insights
  • Secure platform via HTTPS SSL/TLS or dedicated mobile application
  • Achieve business insights through automated reporting and dashboard system
  • Control content deployment to individual users or groups through RBAC
  • Flexible pricing including Enterprise, PAYG or per user options

Pricing

£5.000 per instance per month

  • Free trial available

Service documents

G-Cloud 10

207604691329097

Blue Lights Digital

Matt Service

01223919607

matt@bluelightsdigital.com

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Hybrid cloud
Service constraints Available on mobile across iOS, Android and Windows 10. No support for legacy Windows Mobile prior to Windows 8.1

The Evolve platform is routinely tested and verified on the current version and the previous version of each of these browsers. We generally encourage the use of, and fully support the latest version:
Chrome
Safari
Firefox
Microsoft Edge and Microsoft Internet Explorer 11
System requirements
  • If mobile deployment: devices with ability to distribute enterprise applications
  • If desktop deployment: current version of Explorer, Edge, Chrome, Firefox

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Live chat support available when user logged into the system. Response usually with <5 minutes subject to availability.

Mon - Fri 08:00 - 18:00 4 hour response
Sat - Sun 09:00 - 15:00 Next working day response
All other times Next working day response
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support Web chat
Web chat support availability 9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard None or don’t know
How the web chat support is accessible Blue Lights Digital is committed to making its products and solutions available to as many people as possible and makes every effort to ensure its solutions are accessible to those with special needs, including those with visual, hearing, cognitive and motor impairments.

Many website and mobile app users can find services difficult to use due to the way they have been designed. We recognise that this is an important issue and are committed to making changes to ensure that our solutions website is accessible in accordance with the World Wide Web Consortium (W3C) guidelines.
Web chat accessibility testing Under testing
Onsite support Yes, at extra cost
Support levels Support is on a reasonable endeavour basis and is included in our pricing. Dedicated 'operational' support can be provided under our standard day rates for an investigating officer.

Technical developers can be provided to assist with data modelling, Data integration, Data Parsing, Data migration, API build, software integration, Network integration and automation under our standard day rates.
Support available to third parties No

Onboarding and offboarding

Onboarding and offboarding
Getting started Onboarding for end users is provided from the Evolve system itself with an integrated welcome, solution tour and on boarding feature on first launch.

The UI and UX are designed for self provisioning. Content is navigated by breadcrumbs and visual pointers. The app has been UX tested for systems usability.

With all versions of Evolve the live chat support team are available to assist in system support and user issues.

On site training is provided for publishers and administrators in line with deployment preferences. Training can be provided in design, build and operation of Evolve content and reporting on organisation, group or individual user progress and performance.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction Data is controlled by assigned data Czars who have overall rights over content and data within the system. Data Czar can be assigned as overall system administrators or with responsibility for individual content or data based upon RBAC. A data Czar can be the client, an appointed 3rd party or as a managed service.

Data Czars can publish, share, collaborate or delete data throughout the duration of the contract or on contract completion.

On content completion, any content contributed by the client or licensed by 3rd party individuals, companies and associates for use within the system remains the intellectual property of the client or third party and will be deleted by Blue Lights Digital.

Any content contributed and licensed by BLUE LIGHTS DIGITAL remains their intellectual property and the licence will cease removing access to users.
End-of-contract process At the end of contract, unless extended the system subscription will lapse and no further updates will be provided to the platform or user accounts.

Access to the mobile apps and web service will be denied to frontend users.

Access will be retained for administrators and Data Czars for a period of 30 days at which point data will be deleted, unless otherwise stipulated or requested.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service Bespoke mobile app designed for Evolve across iOS, Android and Windows 10 devices.

Access to content on mobile app is additionally available offline with content retained to be accessed on device without Wi-Fi or mobile data access.
Accessibility standards None or don’t know
Description of accessibility Blue Lights Digital is committed to making its products and solutions available to as many people as possible and makes every effort to ensure its solutions are accessible to those with special needs, including those with visual, hearing, cognitive and motor impairments.

Many website and mobile app users can find services difficult to use due to the way they have been designed. We recognise that this is an important issue and are committed to making changes to ensure that our solutions website is accessible in accordance with the World Wide Web Consortium (W3C) guidelines.
Accessibility testing Testing currently undergoing
API No
Customisation available Yes
Description of customisation Application features and functionality customisable on deployment based upon individual client preferences.

Content and workflows are updatable through RBAC portal by Web Services only with Identity Access Management applied.

Customer managed content can be updated and published to web and mobile users.

Live chat can be routed to internal or external subject matter experts as defined by the client during onboarding.

Scaling

Scaling
Independence of resources Implemented load balancing. Clients can be allocated reserved instances for on demand scaling.

Live chat responses in application are on a best endeavours basis with a team scaled to meet peak interaction times.

Analytics

Analytics
Service usage metrics Yes
Metrics types Service usage metrics are available as standard or can be bespoke per deployment according to individual organisational requirements.

Metrics available include
- Transaction and usage by organisation
- Transaction and usage by individual account
- Usage of individual content blocks
- Usage separated between mobile and web access
Reporting types
  • Regular reports
  • Reports on request

Resellers

Resellers
Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Data that is exported directly from Evolve by an administrator or Data Czar is automated in a .csv format.

Blue Lights Digital can, on behalf of the client on request, extract and send data to the client in any standardised format of their choosing.
Data export formats CSV
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Availability and resilience
Guaranteed availability Availability of less than 99.95% but equal to or greater than 99.0% is guaranteed by a 10% service credit for failure to meet SLA.

Availability less than 99.0% is guaranteed by a 30% service credit for failure to meet SLA.
Approach to resilience We utilise elastic load balancing, computing clusters, autoscaling and cloud flaring (DNS obfuscation) to add resilience to our cloud environments.
Outage reporting Evolve has an integrated Service Page automated update to users of the platform which provides critical information and reduces inbound conversation volume for the support team by proactively surfacing critical outage information in the Evolve home screen.

Customers can then subscribe to updates (via email or live chat) directly to be alerted of any changes.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels Access to the Evolve system is limited by leading Identity Access Management or alternatively username and password, supported by Two Factor Authentication.

RBAC controls ensure content is limited to deployment per account, group or organisation.

RBAC controlled administrative accounts restricting access to support channels, administrative functions, management reporting interfaces and content design and publication.
Access restriction testing frequency At least once a year
Management access authentication
  • 2-factor authentication
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications Cyber Essentials

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach Through Cyber Essentials and NCSC cloud principles.
Information security policies and processes We use a shared responsibility model between customers and Blue Lights Digital. We operate, manage, and control the components at the operating system layer down to the physical security of the servers in which the services are provided (including updates and security patches), other associated application software, as well as the configuration of firewalls. ,

It is possible to enhance security and/or meet more stringent compliance requirements by leveraging technology such as host-based firewalls, host-based intrusion detection/ prevention, and encryption which can be requested by our clients at additional charges.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Any changes to our systems are first managed by impact and risk assessment. Any changes to architecture, software or network access is tested within a development environment before release to production. A production snapshot is available for roll back.

Security assessment is managed through in house pentesting an testing procedures. CHECK and CREST accredited pen testing is subject to additional charges.
Vulnerability management type Supplier-defined controls
Vulnerability management approach As part of our Cyber Essentials programme we practice identifying, classifying, remediating, and mitigating vulnerabilities.

We use vulnerability scanners to identify known vulnerabilities, such as open ports, insecure software configuration, and susceptibility to malware. For unknown vulnerabilities, such as a zero-day attacks we relay on updates to our vulnerability scanners such as OWASP ZAP. Vulnerability testing is also part of our test automation processes.

Correcting vulnerabilities involves the installation of a patch, a change in network security policy, reconfiguration of software, or educating users about social engineering.

We are active members of OWASP and CISP.
Protective monitoring type Supplier-defined controls
Protective monitoring approach We license SiteLock TrueCode Static Application Security Testing (SAST) for source code analysis. Also known as "white-box" testing, TrueCode finds common vulnerabilities by analysing 100% of the source code in our applications without actually executing them, and adds critical layer of security by protecting our web applications.

Our SAST is automated to send alerts if a breach or malware is detected.
Incident management type Supplier-defined controls
Incident management approach The activities within our incident management process include:
Incident detection and recording
Classification and initial support based upon known errors and new events
Investigation and analysis
Resolution and record
Incident ownership, monitoring, tracking and communication

We report on incidents with a full disclosure policy to ensure any impact can be contained and a resolution is satisfactory to the end user.

Incident reports are provided by live chat or email to the end user depending on individual user preference.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks Yes
Connected networks
  • Public Services Network (PSN)
  • Police National Network (PNN)

Pricing

Pricing
Price £5.000 per instance per month
Discount for educational organisations No
Free trial available Yes
Description of free trial Evolve as a platform is provided free from Blue Lights Digital to UK Government departments.

We will provide a 30 day free trial and supporting hardware to access both mobile and web application versions.

Access is limited to selected COTS content and not full system access.

Documents

Documents
Pricing document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑