Imagen Ltd.

Imagen Media Management Platform, Digital Asset Management for G-Cloud

Store, manage and share your organisation's growing media library securely with your own customisable platform.

Control internal and external access to content and search through large volumes of media at speed within an intuitive, fully-branded platform.

A powerful video management platform trusted to protect sensitive and valuable media assets.

Features

  • Crucial security features as standard, including Single Sign-on, watermarking
  • Intuitive user interface with branded design and custom email notifications
  • Granular user / user group access and permission controls
  • Powerful search, secure player, fast uploads, content clipping and sharing
  • Download range of media formats, to local and connected devices
  • Customisable workflow engine automates tasks, incl. proxy creation and watermarking
  • Transactional and subscription-based built-in monetisation options
  • Built-in user analytics dashboard with Google Analytics integration
  • Comprehensive, flexible and scalable for integration with third party systems
  • Professional media cataloguing interface embedded in platform

Benefits

  • Intuitive interface makes managing and sharing content easy
  • Powerful search features find specific moments within media in seconds
  • Start small and scale up as your library grows
  • Automated ingest and distribution of media across your organisation
  • Catalogue and index media files to make content more discoverable
  • Access content across a range of devices
  • Increased efficiency in media storage drives future cost reductions
  • Track user engagement as well as content popularity
  • Better organised content enables you to exploit your library easily
  • Security of content prevents reshoots of lost or damaged footage

Pricing

£15,000 an instance a year

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tony.blake@imagen.io. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

2 2 5 7 2 7 0 8 3 4 8 4 9 8 5

Contact

Imagen Ltd. Tony Blake
Telephone: +44 (0)1954 262000
Email: tony.blake@imagen.io

Service scope

Software add-on or extension
No
Cloud deployment model
Public cloud
Service constraints
No.
System requirements
None

User support

Email or online ticketing support
Email or online ticketing
Support response times
Up to 24/7 response time dependent on support package.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
Sold as a yearly renewable fee alongside an Imagen Software licence, Software Support is provided in four different levels. The different levels provide varying response times and type of support, and are calculated as a percentage of an Imagen Software and Replicating Storage licences.

Support response times range from 1 hour to 2 business days.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
We provide on-site, on-line and telephone training where requested. Our professional services department will support the customer though initial deployment into production.
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
We provide an exit strategy at the beginning of each contract. Imagen will provide full access to your material and data in an agreed format, subject to costs.
End-of-contract process
Media and data extraction at the end of the contract are subject to charge. This will be negotiated at the start of the contract.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Majority of Imagen functionality remains.
Service interface
No
API
Yes
What users can and can't do using the API
These REST APIs provide access to the Imagen system for record and media creation and management. Where necessary, OAuth is used to provide security for those calls that require it and OAuth is also used to identify both users and applications.

The Imagen MediaControlCentre is the core service in the Imagen system for managing media. The Imagen StorageService provides a stable abstraction to the storage system that you are using.

If you want to interact with the Imagen REST API, then you must create an Imagen application using the Developer section of ImagenWeb.

Creating an application generates a unique API key and secret for your application. The API key and, in some cases, the user’s access token obtained via OAuth 2.0 will be used to authenticate the application's HTTP requests to the Imagen REST API.

Each new Imagen application is given a list of scopes that define which REST resources it can use. An Imagen administrator can modify the default scope for an application.
API documentation
Yes
API documentation formats
HTML
API sandbox or test environment
No
Customisation available
Yes
Description of customisation
The Imagen platform can be customised in many ways, from background media workflows, customised database schema, user access groups and permissions, through to front-end web design.

Customisations can be made by allocated administrators of the service whether through a browser or a client application.

Scaling

Independence of resources
Each system is discrete and not shared.

Analytics

Service usage metrics
Yes
Metrics types
Analytics via Google
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
None

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
  • Other locations
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least every 6 months
Penetration testing approach
In-house
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Other
Other data at rest protection approach
Certification with ISO-27001 /2013 standards.
Data sanitisation process
No
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
By request, we can provide data exports in a number of common formats.
Data export formats
  • CSV
  • Other
Other data export formats
  • MySQL
  • XML
Data import formats
  • CSV
  • Other
Other data import formats
XML

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
Availability based on chosen cloud provider's SLAs. Currently, the use of Microsoft Azure and AWS provide 99% + availability.
Approach to resilience
Chosen cloud providers, including Microsoft Azure and Amazon Web Services, provide resilience as certified by ISO 22301 / 2012.
Outage reporting
There are no specific outage reports built into the service.

Identity and authentication

User authentication needed
Yes
User authentication
Username or password
Access restrictions in management interfaces and support channels
As part of the setup and configuration process for an Imagen system, administrators will create certain user groups which grant users within them certain access permissions or restrictions. For example, this might prevent some users from being able to make any changes at all to the platform but they can search and stream records. In another example, some users might be able to download content but only in SD with a watermarked burned over the top. It's all very customisable and can be configured in the 'backend' of the product. This can feed into an organisation's intranet if required.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
JAZ ANZ under IAF agreement.
ISO/IEC 27001 accreditation date
February 2016
What the ISO/IEC 27001 doesn’t cover
Corporate data processed for management information.
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
ISO 27001/2013 certification includes:

Leadership engagement
Risk assessment & risk treatment methodology
Communications, Training & Awareness & Documentation
Risk treatment
Monitoring & measurement of controls & policy adoption auditing
Internal audit
Management reviews & adoption of improvements
Policy creation & review
Internal organisation roles & responsibilities
Mobile device & teleworking
Human resources
Assets management and acceptable use of assets
Information classification
Media handling
Access control
Cryptographic
Physical and environmental

Operations security policy to include:
Change management
Capacity management
Separation of development, testing and operational environments
Controls against malware
Information backup
Event logging
Clock synchronisation
Controls for operational software
Technical vulnerability management

Communications security policy to include:
Network security management
Information transfer

Systems acquisition, development & maintenance
Supplier
Incident management
Business continuity
Compliance

The designated risk owner for Information Security is the Chief Operating Officer (COO). The responsible process owner is the Information Security Risk & Compliance Manager (ISRCM) reporting to the COO.

ISRCM is responsible for:
Policy development with final approval from the COO
Conducting information security risk assessments
Information security communications and awareness
Developing and maintaining an internal audit plan
Conducting internal audits
Conducting management reviews
Proposal and management of identified improvements

This process ensures that policies are followed.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
In accordance with our ISO27001 management system.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Vulnerability management is considered and managed via contract and our Supplier policy, which targets Tier 1 suppliers and includes consideration of supplier’s adoption and certification to ISO compliant standards and data agreements conforming to legal and regulatory compliance. These include the adoption of the following standards ISO27001, ISO20018, ISO22301, EU:US Data Privacy Shield.

Risk are assessed, documented & managed via our own internal ISO27001/2013 & ISO9001/2008 management systems and supplier agreements. The ISRCM is responsible for security reviews and identification of potential risks from subscription to ICO, IS security (google alerts), Cyber Security Forums news feeds, meetings & seminars.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Conducting risk assessments as part of the ISO27001 management system allowed us to identify controls related to the biggest areas of risk. Proactive monitoring enables us to identify & reduce to a minimum the number of staff with access to high-risk data assets in scope of the ISMS. Monitoring & measurement audits identify potential compromises, which are reported to management via email/telephone and rectified. Access controls & acceptable use of assets policies set out requirements and incidents are responded to according to the following:
Internal incident related to confidentiality: immediate.
External incident related to availability: In accordance with contractual SLA’s.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Imagen support desk manages incidents of all types; major incidents are escalated to senior management. All incidents are recorded in a dedicated incident response platforms and allocated a resource to manage the incident. The support desk is manned 24 x 7 with access available to all customers. Reporting is via telephone, email of direct access to record incidents in the incident management platform. The ISO27001 management system has a detailed document which is audited on a regular basis.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
No

Pricing

Price
£15,000 an instance a year
Discount for educational organisations
No
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tony.blake@imagen.io. Tell them what format you need. It will help if you say what assistive technology you use.