FISH Digital Forensics


The capture of Fingerprints and Footprints at scene of crime for immediate transmission, from a variety of mobile devices, back to the relevant experts for analysis and comparison against local records and national records for submission or rejection.


  • Accurate professional image capture
  • Robust transmission of evidence with chain of custody
  • Accurate real time reporting
  • Management reporting
  • Task and Resource management
  • Interfacing with National Systems
  • Mobile transmission of evidence focussed to increase speed of detection


  • Real time evidence submission and processing
  • Workflow to improve efficiency of bureaus
  • Accurate management information for real time decisions
  • Advanced tools for management of images for better analysis
  • Automatic or manual job selection increases through put
  • Significant improvement in accuracy
  • Integration with National systems makes comparisons easy


£10 per user per day

Service documents

G-Cloud 9


FISH Digital Forensics

Phil Marshall


Service scope

Service scope
Software add-on or extension Yes, but can also be used as a standalone service
What software services is the service an extension to The underlying crime or resource management applications like Niche/ Socrates and local Lab Management systems
Cloud deployment model Hybrid cloud
Service constraints FISH DF is deployed in numerous forces with disparate ICT platforms including virtual environments such as Citrix with no known issues -
System requirements
  • Current generation Windows based desktop PCs and servers
  • Windows XP to 10, Windows Server 2012 R2 or higher
  • Internet Explorer version 10 or higher
  • Optional scanners require TWAIN drivers
  • Optional media card reader
  • Optional printers require generic Windows drivers

User support

User support
Email or online ticketing support Email or online ticketing
Support response times In relation to incidents the following response times are: Priority 1 = 15 minutes Priority 2 = 30 minutes Priority 3 = 60 minutes Priority 4 = 2 hours In relation to service requests, we acknowledge according to the following times: Priority 1 = 15 minutes Priority 2 = 30 minutes Priority 3 = 60 minutes Priority 4 = 12 hours These times are determined once the service request is categorised, classified and assigned an owner. The service desk is available 24 by 7 and 365 days a year to respond to questions. FISH DF responds accordingly .
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support Yes, at extra cost
Support levels In addition to the services provided by warranty, the Software Support service includes:
• Access to software updates, maintenance releases and patches; Customers are granted access to entitled software releases throughout the term of their service contract - from software updates to maintenance releases that address a specific software issue. Updates are available for download from the FISH DF support website.
• Access to online support web site for software downloads:
• Unlimited support requests: Support is available from Monday to Friday, 8 a.m. to 8 p.m., UK time.
Support charges are various dependent on size of installation (part cloud part on-site ) and other factors around usage - it is not therefore appropriate to give a fixed cost.
Our platform supplier (Sungard Availability Services) offers a full range of support options including a technical account manager and cloud support engineers.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started FISH provides documentation and onsite training
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction Images stored in the FISH online archive can be bulk exported. Each image will have a sidecar text file containing submission and audit / chain of custody information.

The API can be used to extract past job information
End-of-contract process FISH DF employs a world class expert on Fingerprint and Biometric services, who built the UK's first shared service at EMSOU ( East Midlands Scientific Operations Unit ). In addition as of 2017 FISH DF will be holding regular workshops with it clients to ensure legislative changes such as ISO-17025 or innovative new technology - such as the recent Remote Transmission Proof of Concept at the Yorkshires are incorporated into the latest FISH DF versions. This "horizon scanning" ensures our clients do not want to end their contracts ! - However as part of the end of contract we will offer options to extend the contract or take in house as well as the obvious shutting down support. Our expert consultant will work with the force to ensure the minimum disruption and to include advice and guidance on any transformation the new incoming software will need around business process change. This support has not been costed in to date but in recognition of this question FISH DF will offer one day of end of life support - additional days if needed would be costed at our current day rate of £600.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 10+
  • Microsoft Edge
  • Firefox
  • Chrome
Application to install Yes
Compatible operating systems
  • Android
  • Windows
Designed for use on mobile devices Yes
Differences between the mobile and desktop service The mobile devices are used for submission and business management. The desktop service includes the same as the mobile but is primarily used for image processing and workflow where high performance and large screens are required
Accessibility standards WCAG 2.0 AAA
Accessibility testing The mobile submission process has been penetration tested at West Yorkshire Police
What users can and can't do using the API There are two API interfaces - one for the submission of images on to an SFTP server and one for lab managements. The API is based on RESTFULL calls using an HTTP protocol and commands in JSON format
API documentation Yes
API documentation formats HTML
API sandbox or test environment Yes
Customisation available Yes
Description of customisation Buyers can customise standing data tables, workflows, case details


Independence of resources The service architecture is designed in such a way that the IT infrastructure can be expanded to meet any operational demands


Service usage metrics Yes
Metrics types All aspects of the operational use of the FISH service can be generated. These include SLAs, audits and usage reports.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least every 6 months
Penetration testing approach ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Manually by selecting export option
By printing images and reports
Data export formats
  • CSV
  • Other
Other data export formats PDF reports
Data import formats
  • CSV
  • Other
Other data import formats
  • Professional image formats TIF, JPEG, JPEG200, NEF, RAW, PNG, BMP
  • PDF documents

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Availability and resilience
Guaranteed availability Up to 99.99% availability assured by contractual commitment
Approach to resilience Sungard AS (FISH DF platform supplier) offers an SLA for customers for Service availability. Single-site service availability for a customer is 99.5%. Dual-site service availability for a customer is 99.9%. All service elements within a single site are resilient and are redundant between sites catering for high availability services. Sungard AS can provide a system design review and analysis with the customers if required. This is available on request and at additional charges, price on application
Outage reporting FISH DF reports any outage via email alert to customers.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • Limited access network (for example PSN)
  • Username or password
Access restrictions in management interfaces and support channels Access is restricted in management interfaces and support channels by using user group permissions. A set of groups are defined in-conjunction with the customer that are linked to system functionality and ability to manage certain crime types and evidence . Users are added/removed from a group by the customer service manager.
Access restriction testing frequency At least every 6 months
Management access authentication
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security accreditations No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance accreditation Yes
Security governance standards ISO/IEC 27001
Information security policies and processes We are governed by our end clients in the UK police forces and adhere to their required ( various) levels of clearance and standards especially when using remote access to upload or manage the FISH DF software.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach FISH DF conform to ITIL best practice but are not currently accredited. Our hardware platform however is accredited Sungard AS has a governance process in place to track all assets and to review and manage change to the platform. This process is encompassed within the Sungard AS ISO27001 certification. All changes are reviewed and approved including impact from a security perspective before implementation
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach Sungard AS, The FISH DF platform, applies patches to the platform, including customer managed elements in accordance with the PSN Code of Compliance patching regime. Critical patches within 14 Days; Important Patches within 30 Days; Other Patches within 60 Days Sungard use automated Vendors tools to retrieve and manage the application of patches. A patching policy is in place and the estate is regularly checked for patch compliance via the annual ITHC. Multiple ITHC’s are undertaken each year. Where emergency patches are required to address an imminent threat to the platform or service then the change management process supports this.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach Sungard AS employs a Protective Monitoring service that complies with GPG13 and operates at the DETER assurance level. The Service monitors events from all the infrastructure and management elements of the platform. Events of interest raise alerts to the 24 x 7 SOC. Any suspicious activity is then notified to the Sungard AS Secure operations team. Sungard AS allows FISH DF to implement our Own Protective Monitoring regime for the application and Operating Systems of guest workloads. FISH DF can also elect to have Sungard AS provide a managed service which results in events being sent to the same SOC.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach FISH DF has a defined incident management process which is available on request.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks Yes
Connected networks
  • Public Services Network (PSN)
  • Police National Network (PNN)


Price £10 per user per day
Discount for educational organisations No
Free trial available No


Pricing document View uploaded document
Skills Framework for the Information Age rate card View uploaded document
Terms and conditions document View uploaded document
Return to top ↑