Hitachi Vantara

Digital Evidence Management Platform

The Hitachi Digital Evidence Management (HDEM) platform ingests all types of digital evidence including video from all sources, applying MoPi, Disclosure management rules. The service manages evidential integrity, and allows democratisation of key functionality. Video editing, clipping, redaction are core functionality together with a map agnostic visualisation engine.


  • Digital Evidence ingestion of all evidence types ensuring disclosure managed
  • Manage, clip, redact, edit all types of video evidence management
  • Uploading of digital evidence from Citizens via a dedicated portal
  • Digital evidence sharing with accredited organisations
  • Self service investigation of digital data sets
  • Data visualisation via mapping for areas of interest
  • Remote access via HTML browser
  • Real time investigation capability with real time video feeds
  • Single viewing pane for multiple video and textural data sets
  • Evidence basket for collation of relevant sourced data


  • Enables Officers to collect evidence directly ingested from upload portal
  • Improved efficiency for cases officers with single evidence source investigations
  • Improved brought to justice performance through increased guilty pleas
  • Reduced requirement for officers to utilise specialist resources
  • Cross correlation of data for series crime analysis
  • Mobile enabled for use in field operations
  • Capability to filter relevant evidence quickly
  • Connectivity to multiple evidence sources
  • Connectivity to records management system reducing keying of information
  • Evidence analysis and reporting for disclosure purposes


£15 to £28 per user per month

  • Free trial available

Service documents

G-Cloud 11


Hitachi Vantara

Marlene Spensley

07387 065 637

Service scope

Service scope
Software add-on or extension Yes, but can also be used as a standalone service
What software services is the service an extension to HDEM offers a single platform to manage all type of digital evidence (data) and offers mapping, visualisation, analytics capabilities to derive insights from the Digital Evidence that is held. It can also be an extension to RMS systems and Command & Control systems for additional functionality
Cloud deployment model Hybrid cloud
Service constraints There are very few constraints on service delivery as browser based. The deployment model by Hitachi offers a full SaaS service regardless of adoption ensuring that customers benefit from 24x7x365 support from our UK Secure Operations Centre. There will be planned maintenance but this would pre-agreed with the client
System requirements
  • HDEM service is all encompassing, application layer, security, user management.
  • HDEM can be deployed in a virtual machines environment

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Hitachi offers 24x7x365 support for our Digital Evidence Management service. We classify the service as a mission critical application and ensure that the SLA offered is 99.97%. Resolution to the following Incident types Level 1(Critical) - 90% within 15 minutes, 2(High) 90% within 30 minutes 3(Medium) 90% within 2 hours 4(Low) 80% within 8 hours 5(Lowest) Not applicable. Response times remain the same at weekends.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility WCAG 2.1 AAA
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support Yes, at extra cost
Support levels The Support levels (99.97% availability) are built into the HDEM SaaS cost. A Service Delivery Manager is allocated to each client to ensure regular dialogue takes place and to keep clients up to date with new features as they become available.
- Ensures that the service and its integration to the wider enterprise estate performs as expected, typically to SLAs
- Acts to ensure that the overall delivery will meet SLAs through the contract lifespan
- Works with client's stakeholders to report and manage the service delivery, once live
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started HDEM offers a high degree of online help including frequently asked questions but is designed to be intuitive 'Apple Like' in the user experience. Should training be required this is offered either onsite or via remote tools such as Webex. The user interface design is training lite to reduce staff abstractions and enable efficiency gain from the system immediately
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction When the contract ends a full data migration service is offered to the client to ensure their data is extracted securely, passed to the client in a secure, encrypted manner and is fully deleted and audited as such.
End-of-contract process The contract includes the following in the price:- HDEM SaaS Application (Core functionality), 24 x 7 x 365 support, SLA provision, access to our Secure Operations Centre Helpdesk and 2 Ingestion points (typically RMS & Body Worn Video) but we are flexible to operational requirements.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service HDEM has a responsive User Interface and can work with the majority of web browsers and mobile devices. Our aim is for it to work on a N-2 basis with regards to browser versions.
Accessibility standards WCAG 2.1 AAA
Accessibility testing Testing has been conducted against browser accessibility settings such as screen magnification, keyboard setting etc. Also, we have tested with Dragon speech recognition and third party screen magnifiers.
What users can and can't do using the API HDEM offers an Open API structure which Hitachi publishes so third parties can integrate with the DEM platform. This is a connector based architecture thus allowing all types of digital evidence to be ingested.
API documentation Yes
API documentation formats
  • Open API (also known as Swagger)
  • HTML
API sandbox or test environment Yes
Customisation available Yes
Description of customisation HDEM is a configurable SaaS platform thus allowing individual clients to personalise the User Interface, the workflow paths and the labelling within the platform. This is done without impacting on core functionality or the ability to maintain upgrades so that our clients maintain a consistent SaaS experience and benefit from new features. We aim to keep clients on at least N-2 version based on their ability to accept change.


Independence of resources The Service is monitored 24x7x365 including performance, storage capacity available, security threats, patching, malware protection and ongoing threat protection all to ensure optimum performance is maintained.


Service usage metrics Yes
Metrics types Reporting is accessed via the permission based MI Reporting in the SaaS Dashboard or can be emailed, covering:
• How Service Levels have been met.
• How clients can benefit from innovations available in HDEM Service.
• Details of how the service has been used by the client User community, such as:
-number of evidence items processed by type and case.
-throughput to the CPS.
-amount of storage used.
-user functions performed e.g. video clipping, editing, redaction
-service usage by user. Information that the client should be aware of to ensure the Digital Evidence Management service is being used appropriately
Reporting types Real-time dashboards


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least every 6 months
Penetration testing approach ‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Other
Other data at rest protection approach Data at rest is fully protected by multiple factors including the data if fully encrypted at rest, access is strictly controlled and audited, full audit log management is implemented
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach The HDEM Service offers a number of ways to access the data held. Data can be directly exported out of the system via Administrative capabilities (privilege based). However, from an operational perspective HDEM generates a Secure Authenticate 2 Factor URL to provide the Crown Prosecution Service with access to the Evidence held for a case. This can be passed to third parties and an audit trail is maintained in the Continuity of Evidence audit log.
Data export formats
  • CSV
  • Other
Other data export formats
  • .xls
  • .doc
  • .pdf
  • .wav
  • .mp4
  • .mov
  • .csv
  • .xml
  • .gif
  • .jpeg
Data import formats
  • CSV
  • ODF
  • Other
Other data import formats
  • .xls
  • .pdf
  • .mp4
  • .png
  • .mov
  • .doc
  • .avi
  • .wmv
  • .wav
  • .mp3

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Other
Other protection between networks Our own HDEM management network is 'air gapped' from our corporate network thus ensure no access can be gained via our own network. We utilise a comprehensive security management protocol and threat protections which monitor the HDEM service continually to ensure our clients networks are fully protected.
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability Hitachi offers 24x7x365 support for our Digital Evidence Management service. We classify the service as a mission critical application and ensure that the SLA offered is 99.97%
Approach to resilience Available on Request
Outage reporting Service outages are communicated to our clients through secure channels due to the sensitive nature of the service we provide.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Limited access network (for example PSN)
  • Username or password
Access restrictions in management interfaces and support channels Across PSN network - utilise access, user role based permissions ability to integrate active directory domain, granular
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Limited access network (for example PSN)

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 Our certificate comes from BSI
ISO/IEC 27001 accreditation date 17/04/2018
What the ISO/IEC 27001 doesn’t cover Hitachi Vantara is certified to ISO/IEC 27001:2013 for: 'The provision of remote managed services for solutions delivered by Hitachi Data Systems and supported by the Global Service Operations Centre (Hitachi Vantara SOC) in accordance with the Statement of Applicability Version 2.0 dated July 2015.' SOCs are located in the UK, Hong Kong and Malaysia.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards ISO/IEC 27005:2011: guidelines for information security risk management.
Supports the general concepts specified in ISO/IEC 27001, designed to assist the satisfactory implementation of information security based on a risk management approach.

Hitachi Vantara is aligned with ISO27005 Risk Management Methodologies’ for applicable risk assessment requirements of Hitachi Vantara services business.
Information security policies and processes Hitachi Vantara information Security Policy and controls requirements are aligned with ISO/IEC 27001/27002:2013.​
Hitachi Vantara Remote Managed Services Division is certified to ISO27001:2013

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach Hitachi Vantara Change Management Process is established using ITSM best Practices. All changes are reviewed by the key stakeholder as part of CAB which is chaired by Change Manager.
All user impacted changes are communicated through weekly IT service bulletin.

The change management process is reviewed every year as part of the ITGC SOX Controls. ​Our change management process includes a weekly meeting where changes are presented to a board of members from various departments in IT to review, discuss, and approve the changes.  Information Security has a seat on the board.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach We are happy to get in contact with the customer and provide them with a walkthrough of our Threats & Incidents Response and Vulnerability management program. We have a program in place and we are working with multiple development and engineering to ensure immediate and timely response to disclosed vulnerabilities and we are coordinating with Hitachi Global incident response team in Japan. In fact, Eric Hibbard CTO of Security and Privacy in HDS is a lead consultant guiding and leading all these efforts and sits on a number of oversight committees within the industry, such as ISO.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach IPS/IDS and event Monitoring is provided using ActiveGuard solution. Monitored events and incidents are correlated against known threats and anomalies recognised in the security industry and based upon thresholds are actively alerted to Hitachi for immediate action.
Where necessary, Hitachi may invoke the use of the SIRT to immediately act. The SIRT is made up from representatives of the whole Hitachi organisation and carries the skills identified as required to deal with such incidents.
Incident management type Supplier-defined controls
Incident management approach GEO Incident Management Team and Corporate Crisis Management Team is in-place to manage any major incidents. Hitachi Vantara has a robust Incident Management Team (IMT) Plan which includes Communications team members and should an incident occur that would impact customer, the account manager or IMT would notify the customer immediately. If there is a business need, we are happy to set up a specific escalation plan with the Customer

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks Yes
Connected networks
  • Public Services Network (PSN)
  • Police National Network (PNN)
  • Scottish Wide Area Network (SWAN)


Price £15 to £28 per user per month
Discount for educational organisations No
Free trial available Yes
Description of free trial Bespoke by Agreement

Service documents

pdf document: Pricing document pdf document: Skills Framework for the Information Age rate card pdf document: Service definition document pdf document: Terms and conditions pdf document: Modern Slavery statement
Service documents
Return to top ↑