eviFile
eviFile enables you to capture digital field data that you can trust
A new digital evidence standard for field data collection and reporting, that preserves and authenticates a visible chain of digital evidence – essential for making commercial decisions.
Features
- Digital Photographic Evidence (ACPO Compliant)
- Geo-tag your eviFiles and provide GPS location information
- Google Maps to provide area information to your location
- Highly secure Vault storage to protect all of your eviFiles
- eviTrack (real-time location tracking)
- Advanced, custom workflow component to manage a process
- Smart work assignment and allocation
- Interactive reports & dashboard
Benefits
- Your eviFiles are proof for suppliers and court
- Location information for avoidance of doubt
- View your eviFile providing localised context
- Reduced IT costs
- Accurate, location-based data for tracking and evidence
- Business process alignment
- Control over how work is distributed, streamline processes, reduce costs
- Single source of truth all from an integrated reporting solution
Pricing
£5 to £100 a person a month
Service documents
Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format,
email the supplier at nick.halliday@ids-group.co.uk.
Tell them what format you need. It will help if you say what assistive technology you use.
Framework
G-Cloud 10
Service ID
5 6 5 9 3 8 0 8 1 1 7 9 9 1 2
Contact
IDS Group
Nick Halliday
Telephone: 07939952275
Email: nick.halliday@ids-group.co.uk
Service scope
- Software add-on or extension
- No
- Cloud deployment model
- Hybrid cloud
- Service constraints
- N/A
- System requirements
-
- Concurrent licenses
- Mobile app (Android)
- Web app via a browser
User support
- Email or online ticketing support
- Yes, at extra cost
- Support response times
- Monday - Friday 9.00am - 5.30pm within 4 hours
- User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- None or don’t know
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- Yes, at an extra cost
- Web chat support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support accessibility standard
- None or don’t know
- How the web chat support is accessible
- N/A
- Web chat accessibility testing
- N/A
- Onsite support
- Yes, at extra cost
- Support levels
-
EviFile will provide assistance during the implementation of eviFile. Support services include:
• configuration
• end-user training
• support-user training
• user documentation - Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
-
EviFile will provide assistance during the implementation of eviFile. Support services include:
• configuration
• end-user training
• support-user training
• user documentation - Service documentation
- Yes
- Documentation formats
-
- HTML
- End-of-contract data extraction
- Users have ability to export their data into PDF and CSV formats.
- End-of-contract process
-
EviFile offer an off-boarding service. The data in the eviFile environment belongs to the customer. Customers data is extracted from the eviFile Vault and is securely available for the customer. This removes the layers of encryption and renders the data no longer court admissible.
An alternative to off-boarding, at the end of a project, is Archiving.
eviFile offer an archiving solution for clients who may need reporting access to their data for a period of time after a project has finished. The data is migrated from the production environment into a lower maintenance environment in the same data centre, where a limited number of named users have reporting access via a browser based application to the data.
Due to varying requirements and legal constraints the length of time that data needs to be held for varies. Typically, this is 7-11 years. eviFile will liaise with the client company to ascertain the length of time that reporting access to archive data will be needed. The costs for archiving can be provided if required.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Internet Explorer 10
- Microsoft Edge
- Firefox
- Chrome
- Safari 9+
- Opera
- Application to install
- Yes
- Compatible operating systems
- Android
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
-
Mobile App is used to create, locate and update an eviFile.
Web app is used by managers to review, share, allocate and approve an eviFile. - Accessibility standards
- WCAG 2.0 A
- Accessibility testing
- Manual testing against https://www.w3.org/TR/WCAG20/ requirements
- API
- No
- Customisation available
- Yes
- Description of customisation
- Because eviFile has also been built using the latest scalable technology we have the flexibility to customise the application and business process to accommodate exact needs, within the capability of the product and the future plans detailed in the roadmap.
Scaling
- Independence of resources
-
Evifile is SaaS platform that provides ability to create a dedicated system for each client (own web site, separate data storage). For special requests, the client system can be moved on separated protected servers.
The Client System supports vertical as well as horizontal scaling (adding hardware resources in response of high workload).
Analytics
- Service usage metrics
- Yes
- Metrics types
- The system provides reports blocks that provides usage metrics for final users.
- Reporting types
- Reports on request
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- Up to Baseline Personnel Security Standard (BPSS)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
- Protecting data at rest
- Physical access control, complying with SSAE-16 / ISAE 3402
- Data sanitisation process
- Yes
- Data sanitisation type
- Explicit overwriting of storage before reallocation
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001
Data importing and exporting
- Data export approach
- Administrators can export data
- Data export formats
- CSV
- Data import formats
- CSV
Data-in-transit protection
- Data protection between buyer and supplier networks
- TLS (version 1.2 or above)
- Data protection within supplier network
- TLS (version 1.2 or above)
Availability and resilience
- Guaranteed availability
- The System works in High-availability mode, SLA 99%, all refunds are specified in contracts
- Approach to resilience
- Hosting provider of eviFile provides >99.5% of SLA on their resources. eviFile works in High Availability mode and provides 99% for software availability.
- Outage reporting
- Email and sms alerts
Identity and authentication
- User authentication needed
- Yes
- User authentication
- Username or password
- Access restrictions in management interfaces and support channels
-
On firewall level for particular IP addresses
Strict lock-out accounts mechanisms to prevent any brute forces - Access restriction testing frequency
- At least every 6 months
- Management access authentication
- Username or password
Audit information for users
- Access to user activity audit information
- Users receive audit information on a regular basis
- How long user audit data is stored for
- At least 12 months
- Access to supplier activity audit information
- Users contact the support team to get audit information
- How long supplier audit data is stored for
- At least 12 months
- How long system logs are stored for
- At least 12 months
Standards and certifications
- ISO/IEC 27001 certification
- No
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Other security certifications
- No
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- No
- Security governance approach
- Developed own IDS SDLC defines security governance on all stages of development and maintenance including regular web security analysis on eviFile and regular infrastructure security review.
- Information security policies and processes
-
NIST Publication. Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths
NIST Digital Signature Standard (DSS)
UK Government electronic signatures guide
Own IDS SDLC for development (https://s3-eu-west-1.amazonaws.com/ids-security/IDS_SDLC.pdf)
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
- All changes pass quality assurance in test and staging environment before going live, policy for working with different source control branches allows responding quickly on any found security vulnerability.
- Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
-
Defined by internal policies that include regular vulnerabilities and patch scans, antivirus support, risk management
Risk for all potential threats are estimated according to OWASP Risk Rating Methodology https://www.owasp.org/index.php/OWASP_Risk_Rating_Methodology
Development of critical patches is based on estimated risks and can be started on the same day as found vulnerability
Own IDS SDLC process (https://s3-eu-west-1.amazonaws.com/ids-security/IDS_SDLC.pdf) defines collecting potential threats and define their mitigations on all stages of development (Define, Design, Develop, Test, Deploy, Maintain). - Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
-
Regular web security analysis based on OWASP Testing methodology and infrastructure security reviews allows to support security on high level
Dhound.io product (intrusion detection system) allows receiving quickly alerts about suspicious activities on servers - Incident management type
- Undisclosed
- Incident management approach
- Developed response plan defines response time on user concerns, assessing issues, responsible people. eviFile provides email and phone support for final users. Work with incidents is private between eviFile and users.
Secure development
- Approach to secure software development best practice
- Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)
Public sector networks
- Connection to public sector networks
- No
Pricing
- Price
- £5 to £100 a person a month
- Discount for educational organisations
- No
- Free trial available
- No
Service documents
Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format,
email the supplier at nick.halliday@ids-group.co.uk.
Tell them what format you need. It will help if you say what assistive technology you use.