Direct Path Solutions Ltd

OWL Metro

OWL is a twice Government award-winning neighbourhood engagement & alerting system for Police and CSPs. It’s used by several police forces and councils to reduce crime, fear of crime and maximise potential of Neighbourhood Watch, Business Watch, Rural Watch, general community messaging and many other schemes across society.

Features

  • Communications & alerting via Email, Push/App, SMS, Fax, Web, RSS
  • Contact management with multiple profiles per contact
  • Neighbourhood Watch management, business, specialist groups, KINs, etc
  • Target messages precisely to streets, groups, wards, districts, or county
  • Rock solid reliability; resilience, redundancy, auto backup every 30 mins
  • Detailed management reports of contacts, senders, messages, delivery, etc
  • Access securely from desktops or mobile devices anywhere
  • Contacts can log in and update own details & preferences
  • Use rich or simple hierarchies. Live mapping of contacts
  • Friendly interface, easy to use, flexible. 1000's of happy users

Benefits

  • Helps prevent fraud and reduce & solve crime
  • Makes public feel a lot safer (according to extensive surveys)
  • Rapidly send alerts or appeals to 100'000s or smaller groups
  • Empowers volunteers
  • Enhances community engagement
  • Increases public confidence in police
  • Multi-agency use under a single licence
  • Proven results in both urban and rural communities
  • Also engage with vulnerable groups who aren't online
  • Popular, memorable branding, very high levels of registration

Pricing

£3000 per licence per year

Service documents

Framework

G-Cloud 11

Service ID

2 9 9 4 0 8 8 8 3 2 9 3 9 6 1

Contact

Direct Path Solutions Ltd

Gary Fenton

01438 812873

gcloud@directpath.co.uk

Service scope

Software add-on or extension
No
Cloud deployment model
Hybrid cloud
Service constraints
No
System requirements
Any desktop or mobile device with Internet access

User support

Email or online ticketing support
Email or online ticketing
Support response times
Our target is to respond to emails within 3 hours during office hours. Weekend support is an upgradable option, as is extended and 24 hours support.
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
Standard support hours are 9:30am to 5:30pm, Mon-Fri. Emergencies and critical incidents can be reported 24x7. A SLA is provided as standard with all contracts.
Support available to third parties
No

Onboarding and offboarding

Getting started
We provide consultation as part of the service to discuss how you can best get started in terms of organising users, contacts, groups and watches, also with regards to marketing the service to the public. An on-site training session is included. Documentation and how-to guides are available in PDF format.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
An export function is provided to download contact data as a CSV file. Or the data can be requested via support.
End-of-contract process
The customer can export their own data and we will delete it from the system once the contract period has expired if the customer is not going to renew.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
All functions of the desktop service are available on mobile devices.
Service interface
Yes
Description of service interface
All functions of the service are available via a standard web browser including contact management, message sending, search and reports.
Accessibility standards
WCAG 2.1 A
Accessibility testing
Testing was done with screen readers, browsers set to high contrast mode, with CSS removed, with user's own CSS, fonts and colours applied, and other modes and adjustments utilised by the visually impaired. The service has not been formally certified to WCAG but we have worked in accordance to their guidelines.
API
No
Customisation available
Yes
Description of customisation
Branding, colour scheme, domain name, home page. We can customise these elements but this is not available as part of the standard service. However, your logo is included at no extra cost.

Scaling

Independence of resources
Dedicated infrastructure exclusively for the use of the OWL service and its users. High specification, capacity and I/O. Ability to scale if approaching capacity. Demand is constantly monitored and reviewed periodically.

Analytics

Service usage metrics
Yes
Metrics types
Self-service reports include: Number of contacts, addresses, watches/groups, messages written, emails/SMS/calls sent. By district, ward or area or by scheme. Number of users who have sent messages within a time period, any additional cost associated (e.g. SMS/phone). Emails/SMS/calls that have failed. Other stats are available. Please ask if you have a specific requirement.
Reporting types
Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
No
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
Less than once a year
Penetration testing approach
‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Other
Other data at rest protection approach
Multiple physical barriers, electronic locks, man-traps, biometric & card readers, 24x7 security guards, CCTV, very strict access policy.
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
From the administration menu there is an Export option. A download is made available immediately.
Data export formats
CSV
Data import formats
Other
Other data import formats
CSV or Excel file via CJSM or other secure means

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Other
Other protection within supplier network
Severely restricted access, limited to police vetted administrators only.

Availability and resilience

Guaranteed availability
We have measured 24x7 service availability every year achieving 99.96%. During office hours we have provided 99.99%. Our SLA is based on a guarantee of responding and resolving issues within a specific timeframe according to the level of severity. If we fail to meet these assurances and the customer wishes to terminate the contract we will refund any remaining period of the contract, less our initial setup costs.
Approach to resilience
The datacentre has multiple redundant power and Internet connections. Our servers each take 2 separate power feeds and 2 separate network feeds. The datacentre also has 2 separate UPS rooms at each end of the building and multiple diesel generators. Further details are available by request for security reasons.
Outage reporting
Customers are notified of planned outages by email and at login, while unplanned outages are posted on the website if possible.

Identity and authentication

User authentication needed
Yes
User authentication
  • Username or password
  • Other
Other user authentication
Additional security requirement (confidential)
Access restrictions in management interfaces and support channels
Only users granted with appropriate levels of permission may access the management interface. The highest levels of access (for infrastructure admin) are additionally restricted by authorised network points only.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
Between 1 month and 6 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
UKAS
ISO/IEC 27001 accreditation date
29/6/2016
What the ISO/IEC 27001 doesn’t cover
Proprietary software
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
Yes
Any other security certifications
  • Cyber Essentials
  • Secured by Design (National Police Approval)
  • CESG CHECK
  • McAfee Secure

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards
Cyber Essentials
Information security policies and processes
Security policies as endorsed by Cyber Essentials accreditation on top of our own policies and processes. ISec policy available on request.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
In brief, all components and their configurations are documented and updated throughout their lifecycle. Changes are planned in advanced with a security risk assessment and signed off at director level. The changes are applied to the test platform which is monitored to assess the impact. With a successful outcome authorisation is given to apply the changes to the production platform providing a plan has been provided for rollback.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Our security partners are a key part of our process in keeping threat detection and protection up to date on a daily basis. Some components are updated daily where others are done to our partner's or supplier's recommended schedule. When we are alerted to a new threat it is assessed as a priority based on information provided by our security partners and actual tests if available.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
We have real-time monitoring of threats, unusual activity, and component failure which alert us to investigate immediately. Details are confidential but we can disclose to our Govt customers on request.
Incident management type
Supplier-defined controls
Incident management approach
Customers must report incidents they are aware of directly to us so we can implement processes to assess and remedy it. If we are aware of an incident that may impact the service for the customer we will inform them promptly by email or phone depending on severity. Customers are kept informed if the situation changes and when it's resolved.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks
No

Pricing

Price
£3000 per licence per year
Discount for educational organisations
No
Free trial available
No

Service documents

Return to top ↑