Coeus Software Ltd

PoliceBox: Mobile Working Platform

A mobile working platform designed for operational policing. An innovative approach to digital transformation that delivers radical operational business change. Mobilises business processes using a simple design tool with no coding required. Integrate with back office systems using connectors. Works with Android, iOS and Windows devices both online and offline.


  • Mobile working platform designed especially for Policing
  • Simple drag and drop Business Process APP designer
  • Modular, scalable utilising Microsoft Azure can support the largest force
  • Connector Technology for back office integration with new/legacy systems
  • Open Standard API
  • Microsoft Active Directory (ADFS) integration
  • Client APP available: Android, iOS and Windows smartphones and tablets
  • Compliant to Home Office EWS/DWS Digital Evidence standards
  • Cloud First, Mobile First using Hybrid cloud service delivery


  • Efficiency Savings: reduce in-shift returning to office
  • Productivity Gains: data in back office systems within minutes
  • Reduce trainings overhead: Intuitive User Experience across business processes
  • Lower cost: simple subscription model with no hidden charges
  • Improved Operational Management: Real time view of processes using Dashboards
  • Digital Transformation: Forces can introduce new processes at their pace
  • Business Change: control business process design using own business analysts
  • Commodity Technology: less need for expensive consultants
  • User Management: easy management of users through ADFS


£1.50 to £42.50 per person per month

  • Free trial available

Service documents


G-Cloud 11

Service ID

4 4 4 0 3 1 2 1 7 7 0 4 1 6 9


Coeus Software Ltd

Simon Hall

0800 849 8811

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Hybrid cloud
Service constraints Our service requires: Federated Authentication using Azure Active Directory (with ADFS or Azure AD Connect); Windows Server (Hybrid Server) for exporting of completed tasks within your IT environment. Full provisioning documentation is also provided. Windows desktop is used for the business process app design tool. You will need to use the OnBoarding Cloud support service to establish the Hybrid components. You will also need to decide upon the use of the "Data Return" service at subscription termination, when notification is issued. The service will make use of your existing enterprise device (security & management) solution and mobile network infrastructure.
System requirements
  • Windows Server (Hybrid Server) 2012 R2 or later
  • Federated Authentication Azure AD using ADFS or Azure AD Connect
  • Windows 10 (UWP) Client Devices or
  • IOS 9 (or later) Client Devices or
  • Android 5.0 (Lollipop) Client Devices
  • Network Access to Azure UK data centres
  • Windows 7 or later for the Design Tool

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Our standard response times are based upon Monday-Friday 0830 to 1800, except English bank holidays. Our service is monitored 24x7x365 and our support team will rectify emergency issues as soon as they are detected.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels Business Hours Mon-Fri 08.30 to 18.00 Except English Bank Holidays. Online ticketing service 24x7x365. Incidents acknowledged within 4hrs with problem assessment within 24hrs. Major Incidents action within 4hrs.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started We provide an onboarding service which includes delivery of software as well as online training (client application familiarisation videos) and user documentation.
Service documentation Yes
Documentation formats
  • PDF
  • Other
Other documentation formats
  • Video
  • Immersive Try-out
End-of-contract data extraction We provide an offboarding service and data return support service. This allows your database to be extracted as a backup file and presented to you on your media.
End-of-contract process The offboarding service provides a data return support service. You must request the data extract service within 14 working days of notice of cancellation. The data return support service is a chargeable service via our professional services outcomes (Lot 3 Cloud Support) based on our standard SFIA rate card.

Using the service

Using the service
Web browser interface No
Application to install Yes
Compatible operating systems
  • Android
  • IOS
  • Windows
Designed for use on mobile devices Yes
Differences between the mobile and desktop service There are no differences between mobile and desktop. The desktop application uses the Windows 10 Universal Windows Platform (UWP) and the app is deployed via the Windows Store.
Service interface Yes
Description of service interface Day to day management of the service is provided through a web-browser. It is role-based and permits management of users, task queue, statistics dashboard, audit log review and system log review.
Accessibility standards None or don’t know
Description of accessibility Day to day management of the service is provided through a web-browser. It is role-based and permits management of users, task queue, statistics dashboard, audit log review and system log review.
Accessibility testing None at this time. it is a roadmap item.
What users can and can't do using the API An API and SDK for PoliceBox may be purchased.
These tools enable the development of PoliceBox connectors for:
1. Exporting output from completed tasks to back office systems.
2. Enabling research via Client application from back office systems.

Connectors are deployed to the relevant Export/Search Gateway service on the Hybrid server and are made available for use in the design tool. Connectors permit federated searching (where search results may be used to complete tasks) and federated distribution of output from completed tasks to back office systems.
API documentation Yes
API documentation formats PDF
API sandbox or test environment Yes
Customisation available Yes
Description of customisation You can customise the entire platform to digitise any business process. Connectors can be deployed to allow research from or export to any target back office system.
* Creating Business Processes is undertaken in the Business Process APP design tool and can be done by anyone with training, governed by role based access.
* Creating connectors is a developer role and can be done by your nominated developer.


Independence of resources We use the inherent scaling capabilities of the Microsoft Azure platform. This scaling allows demand management during peak times, reducing at non-peak times to optimise the service.


Service usage metrics Yes
Metrics types We provide metrics in a Dashboard screen within the Web Portal. It shows the following statistics: Tasks Processed Today; Tasks Completed Today; Tasks Abandoned Today; Search Criteria Tasks Processed; Search Detail Tasks Processed; Tasks Processed Last Seven Days. It will also show a graph of totals of each type of task (i.e. Non Endorsable 30, versus NIM-A etc) for the last 2 hours and last 24 hours. Finally, the range of completed tasks can be plotted on a map, showing the geographical distribution of where tasks are completed.
Reporting types Real-time dashboards


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Managed by a third party
Penetration testing frequency Less than once a year
Penetration testing approach ‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
  • Other
Other data at rest protection approach Our service depends on the continued compliance of the Microsoft Azure UK data centres.
SQL Azure transparent data encryption.
Blob storage transparent data encryption.
Task data is compressed and encrypted using AES256.
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach No significant data is held in the service for any length of time as it is exported when completed tasks are processed by the Hybrid server and sent to your back office databases. At the end of the contract you may request the data return service.
Data export formats
  • CSV
  • Other
Other data export formats
  • JSON
  • PDF
  • Word
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Other
Other protection between networks Data is protected by encryption to AES-25. We expect you use a Mobile Device Management (MDM) system whilst using the service.
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Other
Other protection within supplier network Application traffic is additionally secured using application level compression and encryption within the TLS tunnel. Data at rest is also compressed and encrypted. The approach uses AES256. Users cannot login without time synchronisation and the client app will not run if the device is 'rooted'.

Availability and resilience

Availability and resilience
Guaranteed availability Our solution is hosted by Microsoft Azure platform and we use their service level as our baseline.
Approach to resilience We use the Microsoft Azure platform due to its scaling and resilience capabilities. We also utilise geographic replication of databases and services using a second UK datacentre to ensure that the service is resilient. Web services are provided by at least two instances at each data centre.
Outage reporting Our service desk will issue email alerts in the event that the service suffers any outages.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication Identity federation with existing provider (for example Google Apps)
Access restrictions in management interfaces and support channels We use role based access that is configured through an administrative (html-based) interface and utilises Active Directory / Federated Authentication.
Access restriction testing frequency Less than once a year
Management access authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach The inherent design of our services ensures that our staff do not have access to your protected information. We also monitor systems including internet-based communications and centrally managed group policies to ensure that our staff operate within their role function and no-one person has overall access. Our Development environment is separated from Operations and Service Management. Any incidents that occur will be reported and escalated up to CEO level where a formal report would be made to the client(s) affected, accordingly. We will produce a report within 24hours of the incident being detected. Working towards Cyber Essentials and ISO/IEC 27001.
Information security policies and processes We operate an information security policy. Our products are designed to ensure that our staff do not have access to your protected information. We monitor the service including internet-based communications and manage group policies to ensure our staff operate within their role function and no-one person has overall access to everything. Our development team is separated from operations and service management. Incidents are reported and escalated to CEO level where a formal report would be made to you. The client report is made within 24 hours of the incident being detected.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Our configuration and change management processes records client configuration details, including knowledgebase materials in our Service Desk system. Change management follows a documented process that is described in the standard service management policy. We have set up a user forum for the service; PoliceBox User Group (PBUG) to cover product roadmap. Our Operations Department includes a process where changes can be simulated in a representative customer configuration for factory test purposes. This takes place before the formal release cycle to ensure that potential security impacts are identified.
Vulnerability management type Supplier-defined controls
Vulnerability management approach We work with partners and research other sources to monitor emerging and discovered vulnerabilities. Our agile development process ensures that vulnerabilities that are identified can be graded and our resolution can be impact assessed. Our change management process ensures that software updates or knowledgebase articles are issued in a timely manner. Our Operations department track and monitor the conclusion remedial action. We operate a DevOps methodology that includes continuous integration and includes vulnerability as well as functional testing.
Protective monitoring type Supplier-defined controls
Protective monitoring approach We use proactive monitoring of the service. In addition, the system provides Logs and Audit Logs to assist with monitoring and user behaviour. We also liaise with suppliers and clients in order to continue the company's continued alignment to GPG13. Audit logs comprise HMAC checksums to assure validity of data at rest. The collection of information in the field is only permitted on authorised devices.
Incident management type Supplier-defined controls
Incident management approach Our service desk is accessed via a web-based interface.Our standard service management policy sets out the process of Incident and Problem management cycles. Our service desk operates 'business to business'. It is your responsibility to ensure that calls from your user community are correctly analysed to eliminate local issues. We issue service tickets when calls are placed. We grade calls by priority and categorise problems. Depending on severity, the Change Management cycle may be invoked. We will use workarounds wherever possible to ensure continued service until a release cycle provides a formal resolution.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks No


Price £1.50 to £42.50 per person per month
Discount for educational organisations No
Free trial available Yes
Description of free trial We offer a free, time-bound trial that is designed to show you the main functions of the service but cannot be used for operational use. The trial would follow an initial discovery meeting where would discuss how the service could meet your requirements.

Service documents

Return to top ↑