L-3 Communications ASA Limited

Digital Media Management Service

L3 ASA’s DMMS provides digital media investigation capabilities utilising Griffeye’s Analyze Suite (Collaboration Server, DI Ops & DI Pro). This world-leading platform has been developed to meet the digital media management needs of government and commercial organisations. DMMS is currently deployed to UK Law Enforcement to manage child abuse images.


  • Can be deployed nationally on Government networks and infrastructure
  • Developed in collaboration with Government and research institutes
  • Significantly improves operational knowledge between agencies
  • Minimises the risk of missed intelligence
  • Significantly improves operational knowledge between agencies
  • Allows sharing of intelligence between industry and Government
  • Cuts duplication of effort in the analysis of material
  • Enables the identification of previously circulated and new material
  • Enables fast and accurate identification of subjects of interest
  • Integrates with exiting systems and infrastructure


  • World leading and proven system successfully deployed internationally
  • Build on world class and modern technologies
  • Specialised investigative capability
  • Innovative and intuitive tools and techniques
  • Service includes end user training
  • Cloud provision and customer infrastructure deployment options
  • •Strong company pedigree in secure system development and support
  • Supports open and industry standards such as OData
  • Supported by a range of other L-3 G-Cloud services
  • Video and still image capability covering 350+ media formats


£1295 per licence per year

  • Free trial available

Service documents


G-Cloud 11

Service ID

3 9 6 7 3 9 2 2 2 1 1 9 8 1 1


L-3 Communications ASA Limited

John Muir

01252 775757


Service scope

Service scope
Software add-on or extension No
Cloud deployment model Private cloud
Service constraints There are a number of technical dependencies contingent upon the deployment model selected. Details can be found in the service definition document.
System requirements Minimum software specification. See service definition

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Monday to Friday - Office Hours (Weekends at additional Cost)

Priority 1 The Software is unavailable or not useable for all users Response Time 4 hours / Update 1 Working Day / Resolution Target 5 Working Days
Priority 2 A key Business Function of the Software is unavailable to all users Response Time 12 hours / Update 3 Working Day / Resolution Target 20 Working Days
Priority 3 An important business function of the Software is affecting a proportion of users Response Time 24 hours / Update Weekly / Resolution Target Next maintenance Release
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support Yes, at extra cost
Support levels L3 ASA normal service offerings are 8.30am to 5.30pm Monday to Friday. Initial support will be provided by telephone or email via our Support Help Desk. However the company has a flexible approach as is able to tailor a package to support most customer requirements. L3 ASA will prepare a support plan in order to ensure that its meets it's customers requirements. The number and level of staff required will be assessed on case by case basis. The appointed Project Manager will ensure all support contractual commitments are achieved. L3 ASA also includes 3rd Party supplier support to ensure the support solution provides the customer with the most optimum level of support for the supplied service.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Customers are provided with a licence key which allows them to download appropriate elements of the software. L3 then provide installation support and initial training. Further details can be found in the Service Description
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction This is dependent on the type of data and media held with in the service. L3 will provide support where appropriate to ensure the customer can extract all relevant data.
End-of-contract process L-3 ASA will identify the relevant issues and requirements early in the process of delivering or ceasing to deliver the service, and will supply the customer with the required level of advice and support. This will cover areas such as:
 Data migration
 Connecting/disconnecting databases, systems and applications within cloud services
 Security continuity

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
Application to install Yes
Compatible operating systems
  • Linux or Unix
  • Windows
Designed for use on mobile devices Yes
Differences between the mobile and desktop service Service can be deployed on suitable Mobile tablets meeting the minimum system specifications.
Service interface Yes
Description of service interface Admin defined permissions such as view, amend, create and delete
Accessibility standards None or don’t know
Description of accessibility Levels can be defined per application
Accessibility testing None beyond standard operating system functionality
What users can and can't do using the API The service utilises a range of APIs. There are specific APIs designed to be used with industry standard forensic tools. There are also a number of restful APIs that can be used by the customer to interoperate with their own systems.
API documentation Yes
API documentation formats Other
API sandbox or test environment Yes
Customisation available Yes
Description of customisation There are a large range of customisable options within the GUI, the software capabilities and the support solution. There is also a 'digital market place' where there is an open market place for the Platform. It operates an open plugin framework architecture to attract the best and brightest of new technologies in the field of forensic investigations. A constantly growing portfolio of apps is distributed to users, ensuring the service is continually updated to remain on the cutting edge of digital forensic investigations.


Independence of resources Specific deployments for each customer


Service usage metrics Yes
Metrics types Flexible dependant on customer use case e.g. data volumes, throughput rates, queue times etc
Reporting types
  • Real-time dashboards
  • Regular reports


Supplier type Reseller providing extra features and support
Organisation whose services are being resold Griffeye

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations Yes
Datacentre security standards Managed by a third party
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest Other
Other data at rest protection approach Depending on the Customer's data and protection requirements, L3 ASA will work with the customer to provide appropriate levels of protection using techniques such as standard commercial encryption to high grade Type 1 Government encryption. Security and integrity protection is a risk balanced approach which as part of the initial start up of the service L3 ASA will advise the customer on the most suitable method.
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach Data export is a key component of the service and a range of tools are provided to allow users to facilitate this activity.
Data export formats
  • CSV
  • Other
Other data export formats Over 300 data format export types
Data import formats
  • CSV
  • Other
Other data import formats
  • Multiple (including PhotoDNA, MD5,)
  • Multiple media and video formats

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks Legacy SSL and TLS (under version 1.2)
Data protection within supplier network Legacy SSL and TLS (under version 1.2)

Availability and resilience

Availability and resilience
Guaranteed availability L3 ASA has a number of typical SLAs that would provide the Customer with a level of assurance for the availability of the service. Service credits is one such suitable method but any scheme would need to consider the Customer's deployment options which could impact the availability of the provided service. An example would be the level and criticality of the support requested from any hosting service.
Approach to resilience Accredited third party provision
Outage reporting Accredited third party provision

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Limited access network (for example PSN)
  • Username or password
Access restrictions in management interfaces and support channels Customer defines access control via Active Directory user configuration
Access restriction testing frequency At least once a year
Management access authentication
  • 2-factor authentication
  • Limited access network (for example PSN)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications
  • Acredited to HMG and MOD Policy Requirements
  • Cyber Essentials Plus
  • IASME Governance Standard
  • TickIT+

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards Other
Other security governance standards L3 ASA is a List X site, which is certified by the Ministry of Defence to hold classified information and media iaw with JSP440. As part of the certification, L3 ASA are required to nominate a trained Security Assurance Coordinator who is responsible and accountable for security compliance.
Information security policies and processes L3 ASA are certified as a List X site by the Ministry of Defence and as such follow the guidelines laid down within JSP440. Part of these guidelines state the requirement to appoint a Security Assurance Coordinator (SAC), who is accountable and responsible for all security, integrity and reliability of both company's and customer's information. This includes all hardware, software and other information. The SAC reports directly to the CEO but has access to wider company and Government support, should any issue require escalation outside the business. All service delivery staff will be suitable cleared and trained individuals and will be accountable to a Board Level Director who will provide an escalation route for the customer if required. L3 ASA are corporate members of the Association for Project Managers (APM) and as such all staff with delivery responsibility will be qualified to at least practitioner level.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Configuration Items are identified by the Project Manager and/or the Technical Authority on the basis of entities that can be acquired or produced, controlled, and verified individually. They may be hardware, software or documents (in physical or electronic form). Each Configuration Item shall be assigned a unique identity. A record of all Configuration Items shall be maintained.
Changes may arise from non-conformities, changes to design requirements, design improvements or similar. Proposals to change a Formal Baseline will use a Change Note, normally in the form of an electronic item which can be stored for the purposes of audit.
Vulnerability management type Supplier-defined controls
Vulnerability management approach L3 ASA has access to a reference system for all delivered services, this may be via a 3rd Party supplier. Any requirement for patching is discussed with the customer and an agreed service update is scheduled. See helpdesk metrics for response times P1 to P3 instances.

In addition, CERT UK is monitoring our IP range to see if it is being accessed by known hackers.

We receive threat information and alerts from various sources on particular Viruses, Scams, Spearfishing and other Cyber techniques, which includes:
• Corporate
• CiSP
• MoD
• Other third parties (such as Checkpoint and Symantec)
Protective monitoring type Supplier-defined controls
Protective monitoring approach Security events include the following:
 Uncontrolled system changes.
 Access violations – e.g. password sharing.
 Breaches of physical security.
 Non-compliance with policies.
 Systems being hacked / manipulated.
Security weaknesses include:
 Inadequate firewall / antivirus.
 System malfunctions or overloads.
 Malfunctions software applications.
 Human errors.
The PM will report any incidents by the most expedient means to
the SAC by telephone or in person which will be followed up by email with details. No containment action will be taken without instructions from the SAC. See helpdesk metrics for response to P1 to P3 incidents.
Incident management type Supplier-defined controls
Incident management approach L3 ASA use the methodology described within the ITIL v3.0 framework to manage incidents. Incidents are reported via the helpdesk and are assessed and managed iaw the response times shown in the helpdesk section. The helpdesk will usually have a predefined set of common faults which will aid troubleshooting along with the support of the 3rd Party suppliers who make up the service.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks Yes
Connected networks
  • Public Services Network (PSN)
  • Police National Network (PNN)


Price £1295 per licence per year
Discount for educational organisations No
Free trial available Yes
Description of free trial Access to full service for a limited number of users

Service documents

Return to top ↑