Direct Path Solutions Ltd

OWL Metro

OWL is a twice Government award-winning neighbourhood engagement & alerting system for Police and CSPs. It’s used by several police forces and councils to reduce crime, fear of crime and maximise potential of Neighbourhood Watch, Business Watch, Rural Watch, general community messaging and many other schemes across society.


  • Communications & alerting via Email, Push/App, SMS, Fax, Web, RSS
  • Contact management with multiple profiles per contact
  • Neighbourhood Watch management, business, specialist groups, KINs, etc
  • Target messages precisely to streets, groups, wards, districts, or county
  • Rock solid reliability; resilience, redundancy, auto backup every 30 mins
  • Detailed management reports of contacts, senders, messages, delivery, etc
  • Access securely from desktops or mobile devices anywhere
  • Contacts can log in and update own details & preferences
  • Use rich or simple hierarchies. Live mapping of contacts
  • Friendly interface, easy to use, flexible. 1000's of happy users


  • Helps prevent fraud and reduce & solve crime
  • Makes public feel a lot safer (according to extensive surveys)
  • Rapidly send alerts or appeals to 100'000s or smaller groups
  • Empowers volunteers
  • Enhances community engagement
  • Increases public confidence in police
  • Multi-agency use under a single licence
  • Proven results in both urban and rural communities
  • Also engage with vulnerable groups who aren't online
  • Popular, memorable branding, very high levels of registration


£3000 per licence per year

Service documents

G-Cloud 11


Direct Path Solutions Ltd

Gary Fenton

01438 812873

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Hybrid cloud
Service constraints No
System requirements Any desktop or mobile device with Internet access

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Our target is to respond to emails within 3 hours during office hours. Weekend support is an upgradable option, as is extended and 24 hours support.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels Standard support hours are 9:30am to 5:30pm, Mon-Fri. Emergencies and critical incidents can be reported 24x7. A SLA is provided as standard with all contracts.
Support available to third parties No

Onboarding and offboarding

Onboarding and offboarding
Getting started We provide consultation as part of the service to discuss how you can best get started in terms of organising users, contacts, groups and watches, also with regards to marketing the service to the public. An on-site training session is included. Documentation and how-to guides are available in PDF format.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction An export function is provided to download contact data as a CSV file. Or the data can be requested via support.
End-of-contract process The customer can export their own data and we will delete it from the system once the contract period has expired if the customer is not going to renew.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service All functions of the desktop service are available on mobile devices.
Service interface Yes
Description of service interface All functions of the service are available via a standard web browser including contact management, message sending, search and reports.
Accessibility standards WCAG 2.1 A
Accessibility testing Testing was done with screen readers, browsers set to high contrast mode, with CSS removed, with user's own CSS, fonts and colours applied, and other modes and adjustments utilised by the visually impaired. The service has not been formally certified to WCAG but we have worked in accordance to their guidelines.
Customisation available Yes
Description of customisation Branding, colour scheme, domain name, home page. We can customise these elements but this is not available as part of the standard service. However, your logo is included at no extra cost.


Independence of resources Dedicated infrastructure exclusively for the use of the OWL service and its users. High specification, capacity and I/O. Ability to scale if approaching capacity. Demand is constantly monitored and reviewed periodically.


Service usage metrics Yes
Metrics types Self-service reports include: Number of contacts, addresses, watches/groups, messages written, emails/SMS/calls sent. By district, ward or area or by scheme. Number of users who have sent messages within a time period, any additional cost associated (e.g. SMS/phone). Emails/SMS/calls that have failed. Other stats are available. Please ask if you have a specific requirement.
Reporting types Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency Less than once a year
Penetration testing approach ‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Other
Other data at rest protection approach Multiple physical barriers, electronic locks, man-traps, biometric & card readers, 24x7 security guards, CCTV, very strict access policy.
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach From the administration menu there is an Export option. A download is made available immediately.
Data export formats CSV
Data import formats Other
Other data import formats CSV or Excel file via CJSM or other secure means

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Other
Other protection within supplier network Severely restricted access, limited to police vetted administrators only.

Availability and resilience

Availability and resilience
Guaranteed availability We have measured 24x7 service availability every year achieving 99.96%. During office hours we have provided 99.99%. Our SLA is based on a guarantee of responding and resolving issues within a specific timeframe according to the level of severity. If we fail to meet these assurances and the customer wishes to terminate the contract we will refund any remaining period of the contract, less our initial setup costs.
Approach to resilience The datacentre has multiple redundant power and Internet connections. Our servers each take 2 separate power feeds and 2 separate network feeds. The datacentre also has 2 separate UPS rooms at each end of the building and multiple diesel generators. Further details are available by request for security reasons.
Outage reporting Customers are notified of planned outages by email and at login, while unplanned outages are posted on the website if possible.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • Username or password
  • Other
Other user authentication Additional security requirement (confidential)
Access restrictions in management interfaces and support channels Only users granted with appropriate levels of permission may access the management interface. The highest levels of access (for infrastructure admin) are additionally restricted by authorised network points only.
Access restriction testing frequency At least once a year
Management access authentication
  • 2-factor authentication
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for Between 1 month and 6 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 UKAS
ISO/IEC 27001 accreditation date 29/6/2016
What the ISO/IEC 27001 doesn’t cover Proprietary software
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications
  • Cyber Essentials
  • Secured by Design (National Police Approval)
  • McAfee Secure

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards Cyber Essentials
Information security policies and processes Security policies as endorsed by Cyber Essentials accreditation on top of our own policies and processes. ISec policy available on request.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach In brief, all components and their configurations are documented and updated throughout their lifecycle. Changes are planned in advanced with a security risk assessment and signed off at director level. The changes are applied to the test platform which is monitored to assess the impact. With a successful outcome authorisation is given to apply the changes to the production platform providing a plan has been provided for rollback.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Our security partners are a key part of our process in keeping threat detection and protection up to date on a daily basis. Some components are updated daily where others are done to our partner's or supplier's recommended schedule. When we are alerted to a new threat it is assessed as a priority based on information provided by our security partners and actual tests if available.
Protective monitoring type Supplier-defined controls
Protective monitoring approach We have real-time monitoring of threats, unusual activity, and component failure which alert us to investigate immediately. Details are confidential but we can disclose to our Govt customers on request.
Incident management type Supplier-defined controls
Incident management approach Customers must report incidents they are aware of directly to us so we can implement processes to assess and remedy it. If we are aware of an incident that may impact the service for the customer we will inform them promptly by email or phone depending on severity. Customers are kept informed if the situation changes and when it's resolved.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks No


Price £3000 per licence per year
Discount for educational organisations No
Free trial available No

Service documents

pdf document: Pricing document pdf document: Service definition document pdf document: Terms and conditions
Service documents
Return to top ↑