This G-Cloud 10 service is no longer available to buy.

The G-Cloud 10 framework expired on Tuesday 2 July 2019. Any existing contracts with IDS Group are still valid.
IDS Group

eviFile

eviFile enables you to capture digital field data that you can trust

A new digital evidence standard for field data collection and reporting, that preserves and authenticates a visible chain of digital evidence – essential for making commercial decisions.

Features

  • Digital Photographic Evidence (ACPO Compliant)
  • Geo-tag your eviFiles and provide GPS location information
  • Google Maps to provide area information to your location
  • Highly secure Vault storage to protect all of your eviFiles
  • eviTrack (real-time location tracking)
  • Advanced, custom workflow component to manage a process
  • Smart work assignment and allocation
  • Interactive reports & dashboard

Benefits

  • Your eviFiles are proof for suppliers and court
  • Location information for avoidance of doubt
  • View your eviFile providing localised context
  • Reduced IT costs
  • Accurate, location-based data for tracking and evidence
  • Business process alignment
  • Control over how work is distributed, streamline processes, reduce costs
  • Single source of truth all from an integrated reporting solution

Pricing

£5 to £100 a person a month

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at nick.halliday@ids-group.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 10

Service ID

5 6 5 9 3 8 0 8 1 1 7 9 9 1 2

Contact

IDS Group Nick Halliday
Telephone: 07939952275
Email: nick.halliday@ids-group.co.uk

Service scope

Software add-on or extension
No
Cloud deployment model
Hybrid cloud
Service constraints
N/A
System requirements
  • Concurrent licenses
  • Mobile app (Android)
  • Web app via a browser

User support

Email or online ticketing support
Yes, at extra cost
Support response times
Monday - Friday 9.00am - 5.30pm within 4 hours
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Yes, at an extra cost
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
None or don’t know
How the web chat support is accessible
N/A
Web chat accessibility testing
N/A
Onsite support
Yes, at extra cost
Support levels
EviFile will provide assistance during the implementation of eviFile. Support services include:
• configuration
• end-user training
• support-user training
• user documentation
Support available to third parties
Yes

Onboarding and offboarding

Getting started
EviFile will provide assistance during the implementation of eviFile. Support services include:
• configuration
• end-user training
• support-user training
• user documentation
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
Users have ability to export their data into PDF and CSV formats.
End-of-contract process
EviFile offer an off-boarding service. The data in the eviFile environment belongs to the customer. Customers data is extracted from the eviFile Vault and is securely available for the customer. This removes the layers of encryption and renders the data no longer court admissible.

An alternative to off-boarding, at the end of a project, is Archiving.

eviFile offer an archiving solution for clients who may need reporting access to their data for a period of time after a project has finished. The data is migrated from the production environment into a lower maintenance environment in the same data centre, where a limited number of named users have reporting access via a browser based application to the data.
Due to varying requirements and legal constraints the length of time that data needs to be held for varies. Typically, this is 7-11 years. eviFile will liaise with the client company to ascertain the length of time that reporting access to archive data will be needed. The costs for archiving can be provided if required.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 10
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
Yes
Compatible operating systems
Android
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Mobile App is used to create, locate and update an eviFile.
Web app is used by managers to review, share, allocate and approve an eviFile.
Accessibility standards
WCAG 2.0 A
Accessibility testing
Manual testing against https://www.w3.org/TR/WCAG20/ requirements
API
No
Customisation available
Yes
Description of customisation
Because eviFile has also been built using the latest scalable technology we have the flexibility to customise the application and business process to accommodate exact needs, within the capability of the product and the future plans detailed in the roadmap.

Scaling

Independence of resources
Evifile is SaaS platform that provides ability to create a dedicated system for each client (own web site, separate data storage). For special requests, the client system can be moved on separated protected servers.
The Client System supports vertical as well as horizontal scaling (adding hardware resources in response of high workload).

Analytics

Service usage metrics
Yes
Metrics types
The system provides reports blocks that provides usage metrics for final users.
Reporting types
Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
Physical access control, complying with SSAE-16 / ISAE 3402
Data sanitisation process
Yes
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Administrators can export data
Data export formats
CSV
Data import formats
CSV

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
The System works in High-availability mode, SLA 99%, all refunds are specified in contracts
Approach to resilience
Hosting provider of eviFile provides >99.5% of SLA on their resources. eviFile works in High Availability mode and provides 99% for software availability.
Outage reporting
Email and sms alerts

Identity and authentication

User authentication needed
Yes
User authentication
Username or password
Access restrictions in management interfaces and support channels
On firewall level for particular IP addresses
Strict lock-out accounts mechanisms to prevent any brute forces
Access restriction testing frequency
At least every 6 months
Management access authentication
Username or password

Audit information for users

Access to user activity audit information
Users receive audit information on a regular basis
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
No
Security governance approach
Developed own IDS SDLC defines security governance on all stages of development and maintenance including regular web security analysis on eviFile and regular infrastructure security review.
Information security policies and processes
NIST Publication. Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths
NIST Digital Signature Standard (DSS)
UK Government electronic signatures guide
Own IDS SDLC for development (https://s3-eu-west-1.amazonaws.com/ids-security/IDS_SDLC.pdf)

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
All changes pass quality assurance in test and staging environment before going live, policy for working with different source control branches allows responding quickly on any found security vulnerability.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Defined by internal policies that include regular vulnerabilities and patch scans, antivirus support, risk management
Risk for all potential threats are estimated according to OWASP Risk Rating Methodology https://www.owasp.org/index.php/OWASP_Risk_Rating_Methodology
Development of critical patches is based on estimated risks and can be started on the same day as found vulnerability
Own IDS SDLC process (https://s3-eu-west-1.amazonaws.com/ids-security/IDS_SDLC.pdf) defines collecting potential threats and define their mitigations on all stages of development (Define, Design, Develop, Test, Deploy, Maintain).
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Regular web security analysis based on OWASP Testing methodology and infrastructure security reviews allows to support security on high level
Dhound.io product (intrusion detection system) allows receiving quickly alerts about suspicious activities on servers
Incident management type
Undisclosed
Incident management approach
Developed response plan defines response time on user concerns, assessing issues, responsible people. eviFile provides email and phone support for final users. Work with incidents is private between eviFile and users.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
No

Pricing

Price
£5 to £100 a person a month
Discount for educational organisations
No
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at nick.halliday@ids-group.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.