Imagen Ltd.

Imagen Media Management Platform, Digital Asset Management for G-Cloud

Store, manage and share your organisation's growing media library securely with your own customisable platform.

Control internal and external access to content and search through large volumes of media at speed within an intuitive, fully-branded platform.

A powerful video management platform trusted to protect sensitive and valuable media assets.


  • Crucial security features as standard, including Single Sign-on, watermarking
  • Intuitive user interface with branded design and custom email notifications
  • Granular user / user group access and permission controls
  • Powerful search, secure player, fast uploads, content clipping and sharing
  • Download range of media formats, to local and connected devices
  • Customisable workflow engine automates tasks, incl. proxy creation and watermarking
  • Transactional and subscription-based built-in monetisation options
  • Built-in user analytics dashboard with Google Analytics integration
  • Comprehensive, flexible and scalable for integration with third party systems
  • Professional media cataloguing interface embedded in platform


  • Intuitive interface makes managing and sharing content easy
  • Powerful search features find specific moments within media in seconds
  • Start small and scale up as your library grows
  • Automated ingest and distribution of media across your organisation
  • Catalogue and index media files to make content more discoverable
  • Access content across a range of devices
  • Increased efficiency in media storage drives future cost reductions
  • Track user engagement as well as content popularity
  • Better organised content enables you to exploit your library easily
  • Security of content prevents reshoots of lost or damaged footage


£15,000 an instance a year

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 12

Service ID

2 2 5 7 2 7 0 8 3 4 8 4 9 8 5


Imagen Ltd. Tony Blake
Telephone: +44 (0)1954 262000

Service scope

Software add-on or extension
Cloud deployment model
Public cloud
Service constraints
System requirements

User support

Email or online ticketing support
Email or online ticketing
Support response times
Up to 24/7 response time dependent on support package.
User can manage status and priority of support tickets
Online ticketing support accessibility
None or don’t know
Phone support
Phone support availability
24 hours, 7 days a week
Web chat support
Onsite support
Yes, at extra cost
Support levels
Sold as a yearly renewable fee alongside an Imagen Software licence, Software Support is provided in four different levels. The different levels provide varying response times and type of support, and are calculated as a percentage of an Imagen Software and Replicating Storage licences.

Support response times range from 1 hour to 2 business days.
Support available to third parties

Onboarding and offboarding

Getting started
We provide on-site, on-line and telephone training where requested. Our professional services department will support the customer though initial deployment into production.
Service documentation
Documentation formats
End-of-contract data extraction
We provide an exit strategy at the beginning of each contract. Imagen will provide full access to your material and data in an agreed format, subject to costs.
End-of-contract process
Media and data extraction at the end of the contract are subject to charge. This will be negotiated at the start of the contract.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
Majority of Imagen functionality remains.
Service interface
What users can and can't do using the API
These REST APIs provide access to the Imagen system for record and media creation and management. Where necessary, OAuth is used to provide security for those calls that require it and OAuth is also used to identify both users and applications.

The Imagen MediaControlCentre is the core service in the Imagen system for managing media. The Imagen StorageService provides a stable abstraction to the storage system that you are using.

If you want to interact with the Imagen REST API, then you must create an Imagen application using the Developer section of ImagenWeb.

Creating an application generates a unique API key and secret for your application. The API key and, in some cases, the user’s access token obtained via OAuth 2.0 will be used to authenticate the application's HTTP requests to the Imagen REST API.

Each new Imagen application is given a list of scopes that define which REST resources it can use. An Imagen administrator can modify the default scope for an application.
API documentation
API documentation formats
API sandbox or test environment
Customisation available
Description of customisation
The Imagen platform can be customised in many ways, from background media workflows, customised database schema, user access groups and permissions, through to front-end web design.

Customisations can be made by allocated administrators of the service whether through a browser or a client application.


Independence of resources
Each system is discrete and not shared.


Service usage metrics
Metrics types
Analytics via Google
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
  • Other locations
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least every 6 months
Penetration testing approach
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Other
Other data at rest protection approach
Certification with ISO-27001 /2013 standards.
Data sanitisation process
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
By request, we can provide data exports in a number of common formats.
Data export formats
  • CSV
  • Other
Other data export formats
  • MySQL
  • XML
Data import formats
  • CSV
  • Other
Other data import formats

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
Availability based on chosen cloud provider's SLAs. Currently, the use of Microsoft Azure and AWS provide 99% + availability.
Approach to resilience
Chosen cloud providers, including Microsoft Azure and Amazon Web Services, provide resilience as certified by ISO 22301 / 2012.
Outage reporting
There are no specific outage reports built into the service.

Identity and authentication

User authentication needed
User authentication
Username or password
Access restrictions in management interfaces and support channels
As part of the setup and configuration process for an Imagen system, administrators will create certain user groups which grant users within them certain access permissions or restrictions. For example, this might prevent some users from being able to make any changes at all to the platform but they can search and stream records. In another example, some users might be able to download content but only in SD with a watermarked burned over the top. It's all very customisable and can be configured in the 'backend' of the product. This can feed into an organisation's intranet if required.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
JAZ ANZ under IAF agreement.
ISO/IEC 27001 accreditation date
February 2016
What the ISO/IEC 27001 doesn’t cover
Corporate data processed for management information.
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
ISO/IEC 27001
Information security policies and processes
ISO 27001/2013 certification includes:

Leadership engagement
Risk assessment & risk treatment methodology
Communications, Training & Awareness & Documentation
Risk treatment
Monitoring & measurement of controls & policy adoption auditing
Internal audit
Management reviews & adoption of improvements
Policy creation & review
Internal organisation roles & responsibilities
Mobile device & teleworking
Human resources
Assets management and acceptable use of assets
Information classification
Media handling
Access control
Physical and environmental

Operations security policy to include:
Change management
Capacity management
Separation of development, testing and operational environments
Controls against malware
Information backup
Event logging
Clock synchronisation
Controls for operational software
Technical vulnerability management

Communications security policy to include:
Network security management
Information transfer

Systems acquisition, development & maintenance
Incident management
Business continuity

The designated risk owner for Information Security is the Chief Operating Officer (COO). The responsible process owner is the Information Security Risk & Compliance Manager (ISRCM) reporting to the COO.

ISRCM is responsible for:
Policy development with final approval from the COO
Conducting information security risk assessments
Information security communications and awareness
Developing and maintaining an internal audit plan
Conducting internal audits
Conducting management reviews
Proposal and management of identified improvements

This process ensures that policies are followed.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
In accordance with our ISO27001 management system.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Vulnerability management is considered and managed via contract and our Supplier policy, which targets Tier 1 suppliers and includes consideration of supplier’s adoption and certification to ISO compliant standards and data agreements conforming to legal and regulatory compliance. These include the adoption of the following standards ISO27001, ISO20018, ISO22301, EU:US Data Privacy Shield.

Risk are assessed, documented & managed via our own internal ISO27001/2013 & ISO9001/2008 management systems and supplier agreements. The ISRCM is responsible for security reviews and identification of potential risks from subscription to ICO, IS security (google alerts), Cyber Security Forums news feeds, meetings & seminars.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Conducting risk assessments as part of the ISO27001 management system allowed us to identify controls related to the biggest areas of risk. Proactive monitoring enables us to identify & reduce to a minimum the number of staff with access to high-risk data assets in scope of the ISMS. Monitoring & measurement audits identify potential compromises, which are reported to management via email/telephone and rectified. Access controls & acceptable use of assets policies set out requirements and incidents are responded to according to the following:
Internal incident related to confidentiality: immediate.
External incident related to availability: In accordance with contractual SLA’s.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Imagen support desk manages incidents of all types; major incidents are escalated to senior management. All incidents are recorded in a dedicated incident response platforms and allocated a resource to manage the incident. The support desk is manned 24 x 7 with access available to all customers. Reporting is via telephone, email of direct access to record incidents in the incident management platform. The ISO27001 management system has a detailed document which is audited on a regular basis.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks


£15,000 an instance a year
Discount for educational organisations
Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.