Verasity Case Management System
Verasity is a customisable case management solution, built around the requirements for law enforcement and their forensic science divisions. Built form the ground up it allows organisations greater flexibility with data management, ease of integration and granular access management across organisations.
- Incident Reporting
- Scene Management
- Intelligent Data Associations In NonSQL Environment (No Linking etc)
- Exhibit Management
- Laboratory Management
- Customisable reports e.g. SOCO
- Small/Lightweight For Full Range Of Devices
- Ease Of Integration
- Finger Print Bureau
- Digital Forensics
- Machine Independent/Extensible (Hardware & Software)
- Scalable For Data Types & Volumes
- Cost-Effective (Licensing, Support, Configuration & Maintenance)
- Applications Only developed Once - Regardless How Technology Changes
- Ease Of Programming With Users Managing Data - No DBAs
- Light Footprint Scalable To Databases Of Many PB Concurrently
- Secure As The System Is Unable To Take Virus
£139 per unit per year
- Education pricing available
- Free trial available
2 1 1 0 6 4 0 9 4 4 3 6 4 9 8
+44 20 36 098765
|Software add-on or extension||Yes, but can also be used as a standalone service|
|What software services is the service an extension to||
Verasity can be an 'extension' to existing applications written in languages such as C# etc.
It can interface to other applications/databases, however, it is underpinned by Fornax.
Interfacing is through the Polymach API.
Fornax extends the life of applications and reduces costs of maintenance and support.
|Cloud deployment model||
The software is subject to commercial End-User Licensing Agreements (EULAs). This is available from estatom.com or on request.
The software has been developed for Windows, 7, 8, 10 and Windows Server 2012 and 2016.
The software is available for Linux environments (running under MONO).
Fornax is designed for Intel-based processors, but "customised porting" is available e.g. AMD or ARM processors .
There are no restrictions on support and/or who might support the applications etc.
|Email or online ticketing support||Email or online ticketing|
|Support response times||
Support is tiered depending upon the support package purchased.
Typical customer response time is 4-hours from receipt of the question.
Weekend support (24/7 cover) is available if required but is subject to a separate agreement.
|User can manage status and priority of support tickets||No|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||No|
|Onsite support||Yes, at extra cost|
(a) 0900-1700 Monday to Friday by email and phone. This is provided as part of the overall support package and is charged at 12.5% of the contract value.
(b) Next day on-site support is £85.00/hour. This is in addition to the 12.5% of contract value.
(c) 24/7 telephone support is £125.00/hour outside of 0900-1700 Monday to Friday. This is in addition to the 12.5% of contract value.
|Support available to third parties||Yes|
Onboarding and offboarding
The software is designed to make the set-up and configuration of Verasity as easy, pain-free and efficient as possible for the customer.
This is achieved through the provision of detailed documentation (such as a software installation guide and programming user guide), a support manager to assist in the event of any difficulties with one hour (free of charge) to set-up each VM and 15 mins to set-up each user for a Verasity (Business/Enterprise license).
Business/Enterprise licenses can be trialed for 60-days.
Clearly stated and summarised terms and conditions are supplied with each Engine license and Open-Source API. The Open-Source API is for easy and unrestricted integration of existing applications.
In the event of customer difficulties in establishing the environment, remote desktop support is available.
Estatom aims to deliver for the customer clear on-boarding processes. Ultimately, Estatom’s directors, management and staff are available to deal with any customers’ issues in their on- boarding processes, with practical assistance with and detailed expertise.
|End-of-contract data extraction||
Data can be extracted in any format e.g. .csv., tsv or XML etc.
There are no restrictions and costs for data ingest and export.
Customers must extract their data within the duration of the license. If customers have not extended their license then a license will be required to be purchased to unlock their data.
In the run-up to the license expiry customers will be notified by email of their license expiry and that remedial action is required, i.e. extending the license or making provision for an alternative database/processing engine.
1 month, 2 weeks and 1 week before the end of contract the customer is notified of their license(s) expiry for the Verasity, Fornax Engine, Polymach APIs, Utilities and Clients and that remedial action is required to ensure on-going access to data.
If Client licenses are not renewed the system will lock-out the unlicensed users and the system will not be accessible. Clients can be unlocked subsequently/later or the number of users expanded if the license is renewed or additional seats purchased.
Using the service
|Web browser interface||No|
|Application to install||Yes|
|Compatible operating systems||
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||The application is designed to run on a tablet.|
|What users can and can't do using the API||
The (Polymach) API works with the Fornax environment. It is designed to be open and the programming manual explains how users integrate the Fornax Engine with existing or legacy applications.
Polymach provides a local database, a mini-Fornax Engine (that can be used for local processing purposes, such as validation and transaction construction, thus offloading network traffic and server loads), and an interface to one or more Fornax systems.
The Polymach OpenAPI provides computational as well as database functionality, which is useful in mobile equipment, where connections may not be available. Database synchronisation can then occur as and when connections can be established.
|API documentation formats|
|API sandbox or test environment||Yes|
|Description of customisation||The solution (application) can be customised by any developer, however, customisation below the API can only occur through and by Estatom. This enables solution can be customised to run in different hardware environments (such as mobile, GPUs etc) and with different types of software (e.g. Fortran).|
|Independence of resources||
The software is installed on the customers’ servers and/or clouds of choice. The customers’ platform selection remains outside of Estatom's control and it is irrelevant to Estatom as long as Fornax/Polymach is run on the required processor and OS combination.
The system is designed for a range of scenarios (from high-performance compute [HPC] environments to IoT), however, the software can only handle a certain number of transactions per second and if speeds are affected then further additional (satellite) engines will need to be purchased to manage loads.
|Service usage metrics||Yes|
The system log provides the administrator with information concerning system usage etc. The metrics, which an administrator might require can be customised upon request to include such things as unauthorised accesses, times of use etc.
If required an application can be written to generate customised reports or data can be integrated to an existing dashboard.
|Reporting types||API access|
|Supplier type||Not a reseller|
|Staff security clearance||Conforms to BS7858:2012|
|Government security clearance||Up to Developed Vetting (DV)|
|Knowledge of data storage and processing locations||No|
|Datacentre security standards||Managed by a third party|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||Another external penetration testing organisation|
|Protecting data at rest||Scale, obfuscating techniques, or data storage sharding|
|Data sanitisation process||Yes|
|Data sanitisation type||Deleted data can’t be directly accessed|
|Equipment disposal approach||Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001|
Data importing and exporting
|Data export approach||The software has a data export function which allows users to freely import and export data. Users can easily create a database and data can be imported in any standard format e.g. .csv, .tsv or XML.|
|Data export formats||
|Other data export formats||
|Data import formats||
|Other data import formats||
|Data protection between buyer and supplier networks||Other|
|Other protection between networks||
The software is network independent. It can sit on any cloud platform or network .
The network function is outside of Verasity/Fornax, as the solution is (primarily) under the control of the OS.
Data protection is transit is via standard encryption format such as AES- and the solution allows the data (at Object-level) and meta data to be encrypted differently to minimise network latency and overhead.
|Data protection within supplier network||Other|
|Other protection within supplier network||
Please see above.
The software is network independent. It can sit on any cloud platform or network . The network function is outside of Verasity/Fornax, as the Engine is (primarily) under the control of the OS. Data protection is transit is via standard encryption format such as AES- and the solution allows the data (at Object-level) and meta data to be encrypted differently to minimise network latency and overhead.
Availability and resilience
The software is designed with robustness in mind.
Estatom is unable to guarantee the software's performance resulting from any hardware failure, accidental/malicious damage and environmental disasters, however, it guarantees the availability and performance of each instance depending on the customers’ SLA. Different customer SLAs (up to 99.99%) can be provided depending upon customer budget, software maintenance considerations, hardware configurations and existing support arrangements (e.g. system updates etc.).
Importantly, Verasity's transaction speeds are based on persisted records (non-memory), therefore, loss of data is unlikely. If the SLAs are not achieved and and the fault is attributable to Estatom, Estatom will provide the required support and Fornax processing capability to meet the stated SLAs.
A performance report for any period of operation can be generated from the system log for customers, providing detailed statistics of the systems operation.
|Approach to resilience||
The solution can replicate data (and applications) across customers' sites, regions and zones to deliver resiliency in data and applications for Business Continuity/Disaster Recovery.
Replication can occur to a separate geographical location, to a separate part of the same (cloud) platform or to a totally different (cloud) platform or server/machine. This approach, eliminates any single point of failure, such as power, network or hardware, which might sit outside of Estatom's control.
Estatom works with customers (and their cloud providers) to configure resilient solutions and Estatom encourages the development of architectures across multiple sites, regions and zones.
Support contracts as well as possible configurations and design choices are available for to ensure high availability solutions.
Verasity is able to work within customers' existing Business Continuity/Disaster Recovery plans to reduce downtime in the event of a network, hardware or power failure.
The log provides detailed information on system performance - either manually or automatically.
The information provided can be integrated in to other monitoring tools allowing customers to receive a detailed overview of the system or early identification of a system failure (e.g. disks) which might result in service downtime.
In the event of a failure, Verasity will generate an error message to the user/administrator at which point the BC/DR plan can be activated.
If Verasity reporting/error messaging has been integrated in to the monitoring system of the customer the same processes for BC/DR can be followed. Service disruptions should be reported either to Estatom directly or the customers support provider for the appropriate remedial action to occur. If this is managed by Estatom, it will provide updates on the status of the issue, the remedial action taken and how/why the incident occurred.
Identity and authentication
|User authentication needed||Yes|
|Other user authentication||
Authentication is by the username and password for access to OS, however, for Verasity to run the license file must be validated based on the Mac address and other factors within the environment.
If the environment is moved to another computer the license is invalid and the solution will not execute.
|Access restrictions in management interfaces and support channels||Access Management is at field level in Verasity and it is based on a number of permissions, which are granted to the user by the originator of the Object. Permissions for the system are allocated by the administrator when the user is onboarded and also the data owner.|
|Access restriction testing frequency||At least every 6 months|
|Management access authentication||Other|
|Description of management access authentication||This is achieved via the OS and the binary license file mentioned previously.|
Audit information for users
|Access to user activity audit information||Users have access to real-time audit information|
|How long user audit data is stored for||User-defined|
|Access to supplier activity audit information||You control when users can access audit information|
|How long supplier audit data is stored for||At least 12 months|
|How long system logs are stored for||User-defined|
Standards and certifications
|ISO/IEC 27001 certification||No|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||Yes|
|Any other security certifications||Cyber Essentials|
|Named board-level person responsible for service security||Yes|
|Security governance certified||Yes|
|Security governance standards||Other|
|Other security governance standards||Cyber Essentials|
|Information security policies and processes||
Overall Responsibility for security (governance) lies with the managing director.
Information Security/Information Technology (IS/IT) policies are strictly adhered to within Estatom, resulting from its long pedigree as a systems engineering company and its work in Research & Development.
All personnel are required to read Estatom's Information Security Policies & Procedures annually and sign to say that they have done so. In addition, all employees are required to undertake IT security training annually, which examines risks in the office, risks at home, risks in social media and risks in their daily lives.
The majority of Estatom's deployments require individuals to be SC'd and as a result the company places a high-level of importance around security.
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||
Verasity is offered the protection and security of the Operating System and other protection mechanisms that might be in place such as firewalls or monitoring appliances.
Configuration and change management are managed internally and according to clients' demands. Estatom works closely in these instances documenting all procedures and test results.
When Estatom receives a request it is logged and the customer is informed when the update is available. If it is to be implemented before the release date Estatom informs the customer of any costs associated .
Estatom aims to deliver a response within 48 hours.
|Vulnerability management type||Supplier-defined controls|
|Vulnerability management approach||
Verasity is offered the protection and security of the Operating System and other protection mechanisms that might be in place such as firewalls or monitoring appliances.
Estatom works with each customer to understand the nature and types of threats received as well as the NCSC. The results of this work is used for subsequent development of the Fornax Engine.
Ultimately, the Fornax Engine is closed, however, if a vulnerability is detected an update is released (usually within 48-hours of its detection).
|Protective monitoring type||Supplier-defined controls|
|Protective monitoring approach||
The system log provides information concerning attempted unauthorised access attempts.
The overall environment will draw upon other resources deployed by the customer concerning protective monitoring solutions and firewalls etc.
|Incident management type||Supplier-defined controls|
|Incident management approach||
In the event of an incident the customer will contact Estatom support for advice on how to manage the incident and if any remedial processes are required.
Estatom will respond within the relevant support arrangements/SLAs, which are in place.
Please see earlier sections.
|Approach to secure software development best practice||Conforms to a recognised standard, but self-assessed|
Public sector networks
|Connection to public sector networks||Yes|
|Price||£139 per unit per year|
|Discount for educational organisations||Yes|
|Free trial available||Yes|
|Description of free trial||A trial period is available for 60-days, with all the features the customer would purchase under the proposed contract/license.|