iGOVERN® Mobility is a device and platform agnostic solution, enabling Police Officers to connect to operational systems from remote locations. The service is integrated with force local and national systems. Based on SOA (Service Oriented Architecture) principles it provides officers with access to all critical information needed via handheld devices.
- Single Sign On (SSO)
- Offline Support
- Future Proof - Scalable and Robust
- In Depth Auditing
- Security Compliance
- Multi-Tenanted and SOA (Service Oriented Architecture) based architecture
- Device and Platform Agnostic
- Comprehensive Management Dashboards
- Support for Open Source Technologies
- Geo Fencing
- Increased Police Visibility by 15 to 20 %
- Reduced Load on Back office Staff (ECC and FCC)
- Increased Man Hours available on the street attending more jobs
- Reduced physical IT infrastructure requirement
- Integration - GPS, Camera, Peripherals e.g. SATNAVs, Biometrics Scanners etc.
- Reduced Training Requirements with uniform experience across all business areas.
- Reduced Process lead times (e.g .Crime report creation, intelligence submissions)
- Improved Data Quality - Reduced Double Keying and Auto Data-Population.
- Making Processes more Efficient by Removing Redundancies
- Increased Officer safety - Real time access to critical information
£14.50 to £29.00 per unit per month
HCL Technologies UK LImited
+44 (0) 1784 480 800
|Software add-on or extension||Yes, but can also be used as a standalone service|
|What software services is the service an extension to||Not Applicable|
|Cloud deployment model||Private cloud|
|Email or online ticketing support||Email or online ticketing|
|Support response times||
During business hours:
Severity 1 = 1 hour
Severity 2 = 2 hours
Severity 3 = 1 working day
Severity 4 = 2 working days
|User can manage status and priority of support tickets||Yes|
|Online ticketing support accessibility||None or don’t know|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||No|
|Onsite support||Onsite support|
|Support levels||Level 3 - Software Support|
|Support available to third parties||No|
Onboarding and offboarding
|Getting started||Super User training sessions|
|Other documentation formats||Word|
|End-of-contract data extraction||The database is moved to the client's network and complete access to data is provided with a service interface.|
|End-of-contract process||The service is switched off completely, so as to avoid any misuse. Also the customer is provided with access to all the customer data.|
Using the service
|Web browser interface||Yes|
|Application to install||No|
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||This service is designed to work on the Mobile phone. There are certain features which are available on the desktop, e.g. print, etc. and that is applicable for certain functions. Also Dashboard reporting is available on the Desktops.|
|Accessibility standards||None or don’t know|
|Description of accessibility||The web service hosted on the web server is accessed over the HTTPS (Hyper TextTransfer Protocol) and VPN (Virtual Private Network) tunnel established between the mobile device and the hosting server. The mobile application hosted on the mobile device uses the proxy of the web service to send the request and receive responses. A service hosted on a web server can only be accessed from the HCL mobile application.|
|Accessibility testing||Not Applicable|
|What users can and can't do using the API||Only enrolled users can access the service from the mobile application. The web service is accessible only from a mobile interface. The exposed service is accessible via proxy.|
|API documentation formats|
|API sandbox or test environment||Yes|
|Description of customisation||Customers can pick and choose the functions they want. Also the business logic within those functions is fully customisable.|
|Independence of resources||The scaling of the hosted service is performed based on the total number of users and peak time concurrency level. Each hosted virtual machine is configured to handle 350 concurrent user requests.|
|Service usage metrics||Yes|
|Metrics types||Transaction history report, performance report, exception report, login logout report, offline report, geo fencing report|
|Reporting types||Real-time dashboards|
|Supplier type||Not a reseller|
|Staff security clearance||Conforms to BS7858:2012|
|Government security clearance||Up to Security Clearance (SC)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||United Kingdom|
|User control over data storage and processing locations||Yes|
|Datacentre security standards||Managed by a third party|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||Another external penetration testing organisation|
|Protecting data at rest||
|Other data at rest protection approach||The storage is protected with persistent key and encrypted further by strong encryption key (AES 256) format.|
|Data sanitisation process||No|
|Equipment disposal approach||Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001|
Data importing and exporting
|Data export approach||The user can export data by selecting the export function on the dashboard reports of the Admin application.|
|Data export formats||
|Other data export formats|
|Data import formats||
|Other data import formats||Xls and xlsx|
|Data protection between buyer and supplier networks||
|Other protection between networks||By associating the hosted web service with SSL (Secure Sockets Layer) certificate. Also, the service is accessed over HTTPS protocol and data - before transmitting over the air- is encrypted by using AES 256 bit encryption.|
|Data protection within supplier network||Other|
|Other protection within supplier network||Data within the network travels in binary format. Each request or response data is associated with a security token.|
Availability and resilience
|Approach to resilience||The hosting site is physically divided into 2 sites. Each physical site contains an exact replica of servers and acts as failover of the other site. Data synchronisation happens via the "Always On" feature of the MS SQL Server.|
|Outage reporting||Monitoring tools (Microsoft SCOM) are configured to monitor hosted services and virtual machines. Disk coverage and capacity related configurations are performed to raise the alarm to mitigate any failure. An email is sent by the monitoring tool to all stakeholders before any failure happens. Transaction logs are maintained to generate a report on defined intervals.|
Identity and authentication
|User authentication needed||Yes|
|Other user authentication||
1. User login is authenticated against the Mobile device IMEI and user email ID stored in the database.
2. On successful authentication, a security token is generated and returned back to the mobile application.
3. Each transaction is associated with the security token.
4. The security token session is maintained in the HCL mobility database for a defined time period.
|Access restrictions in management interfaces and support channels||
1. Each user is provided with an access role. The access to the system functionalities are directly linked with the access role permissions.
2. When the user logs into the application, only allowed functionalities are visible to the user.
|Access restriction testing frequency||At least every 6 months|
|Management access authentication||Username or password|
Audit information for users
|Access to user activity audit information||You control when users can access audit information|
|How long user audit data is stored for||User-defined|
|Access to supplier activity audit information||You control when users can access audit information|
|How long supplier audit data is stored for||User-defined|
|How long system logs are stored for||User-defined|
Standards and certifications
|ISO/IEC 27001 certification||Yes|
|Who accredited the ISO/IEC 27001||Bureau Veritas|
|ISO/IEC 27001 accreditation date||26/05/2015|
|What the ISO/IEC 27001 doesn’t cover||Customer specific security requirements, to be discussed at call off contract stage.|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Who accredited the PCI DSS certification||Not known|
|PCI DSS accreditation date||Not known|
|What the PCI DSS doesn’t cover||Not known|
|Other security accreditations||No|
|Named board-level person responsible for service security||Yes|
|Security governance accreditation||Yes|
|Security governance standards||
|Other security governance standards||
ISO 9001:2008 - Quality Management
ISO/IEC 20000-1:2011 - Service Management
ISO 14001 - Environmental Management
ISO 27001 - Security Management
|Information security policies and processes||
HCL will protect all its stakeholder interests by ensuring confidentiality integrity and continuous availability of information and information systems under its governance, including those of its customers. This includes but is not limited to electronic/ print information, etc. on servers, workstations, laptops, networking and communication devices, tapes, CDs and information printed or written on paper or transmitted on any medium.
Information is protected from unauthorised access, use, disclosure, modification, disposal or impairment, whether intentional or unintentional, through appropriate technical and organisational security measures.
Information risk assessment will be carried out and criteria established for evaluation and acceptance of risks and acceptable level of risks defined.
Any security incidents, security weaknesses and infringements of the policy, actual or suspected are reported, investigated by the Chief Information Security Officer and appropriate corrective or preventative action initiated.
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||
Configuration Management tracks the IT environment.
A repository maintains all versions of individual work products to help/permit developers to revert to previous versions during testing and debugging.
Dependency tracking and change management covers relationships between enterprise entities and processes, parts of an application design, design components and the enterprise information architecture, design elements and other work products.
HCL tracks all the requirements, design and construction components and deliverables that result from a requirements specification.
An audit trail is maintained about when, why and by whom changes are made, with source information of changes as specific objects in the repository.
|Vulnerability management type||Supplier-defined controls|
|Vulnerability management approach||
Vulnerability management focusses on finding weakness that can be exploited. HCL performs quarterly and/or annual vulnerability scans to get a snapshot at that point in time. Regular scanning ensures new vulnerabilities are detected in a timely manner and are fixed before they occur. The HCL vulnerability management process consists of the following phases:
2. Vulnerability scan
3. Define remediating actions
4. Implement remediating actions
|Protective monitoring type||Supplier-defined controls|
|Protective monitoring approach||Not Applicable|
|Incident management type||Supplier-defined controls|
|Incident management approach||
Incident management is designed with a goal to restore a normal service operation as quickly as possible and to minimise the impact on business operations. The incident management process follows these steps:
1. Incident identification and logging by the customer
2. Incident categorisation and prioritisation by the customer
3. HCL works on the incident response performing diagnosis and investigation followed by resolution and bringing the incident to closure
4. Corrective and preventive action are taken to avoid repeat or similar incident in future.
|Approach to secure software development best practice||Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)|
Public sector networks
|Connection to public sector networks||Yes|
|Connected networks||Public Services Network (PSN)|
|Price||£14.50 to £29.00 per unit per month|
|Discount for educational organisations||No|
|Free trial available||No|
|Pricing document||View uploaded document|
|Skills Framework for the Information Age rate card||View uploaded document|
|Service definition document||View uploaded document|
|Terms and conditions document||View uploaded document|