IDS Group

eviFile

eviFile enables you to capture digital field data that you can trust

A new digital evidence standard for field data collection and reporting, that preserves and authenticates a visible chain of digital evidence – essential for making commercial decisions.

Features

  • Digital Photographic Evidence (ACPO Compliant)
  • Geo-tag your eviFiles and provide GPS location information
  • Google Maps to provide area information to your location
  • Highly secure Vault storage to protect all of your eviFiles
  • eviTrack (real-time location tracking)
  • Advanced, custom workflow component to manage a process
  • Smart work assignment and allocation
  • Interactive reports & dashboard

Benefits

  • Your eviFiles are proof for suppliers and court
  • Location information for avoidance of doubt
  • View your eviFile providing localised context
  • Reduced IT costs
  • Accurate, location-based data for tracking and evidence
  • Business process alignment
  • Control over how work is distributed, streamline processes, reduce costs
  • Single source of truth all from an integrated reporting solution

Pricing

£5 to £100 per person per month

Service documents

G-Cloud 10

565938081179912

IDS Group

Nick Halliday

07939952275

nick.halliday@ids-group.co.uk

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Hybrid cloud
Service constraints N/A
System requirements
  • Concurrent licenses
  • Mobile app (Android)
  • Web app via a browser

User support

User support
Email or online ticketing support Yes, at extra cost
Support response times Monday - Friday 9.00am - 5.30pm within 4 hours
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support Yes, at an extra cost
Web chat support availability 9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard None or don’t know
How the web chat support is accessible N/A
Web chat accessibility testing N/A
Onsite support Yes, at extra cost
Support levels EviFile will provide assistance during the implementation of eviFile. Support services include:
• configuration
• end-user training
• support-user training
• user documentation
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started EviFile will provide assistance during the implementation of eviFile. Support services include:
• configuration
• end-user training
• support-user training
• user documentation
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction Users have ability to export their data into PDF and CSV formats.
End-of-contract process EviFile offer an off-boarding service. The data in the eviFile environment belongs to the customer. Customers data is extracted from the eviFile Vault and is securely available for the customer. This removes the layers of encryption and renders the data no longer court admissible.

An alternative to off-boarding, at the end of a project, is Archiving.

eviFile offer an archiving solution for clients who may need reporting access to their data for a period of time after a project has finished. The data is migrated from the production environment into a lower maintenance environment in the same data centre, where a limited number of named users have reporting access via a browser based application to the data.
Due to varying requirements and legal constraints the length of time that data needs to be held for varies. Typically, this is 7-11 years. eviFile will liaise with the client company to ascertain the length of time that reporting access to archive data will be needed. The costs for archiving can be provided if required.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 10
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install Yes
Compatible operating systems Android
Designed for use on mobile devices Yes
Differences between the mobile and desktop service Mobile App is used to create, locate and update an eviFile.
Web app is used by managers to review, share, allocate and approve an eviFile.
Accessibility standards WCAG 2.0 A
Accessibility testing Manual testing against https://www.w3.org/TR/WCAG20/ requirements
API No
Customisation available Yes
Description of customisation Because eviFile has also been built using the latest scalable technology we have the flexibility to customise the application and business process to accommodate exact needs, within the capability of the product and the future plans detailed in the roadmap.

Scaling

Scaling
Independence of resources Evifile is SaaS platform that provides ability to create a dedicated system for each client (own web site, separate data storage). For special requests, the client system can be moved on separated protected servers.
The Client System supports vertical as well as horizontal scaling (adding hardware resources in response of high workload).

Analytics

Analytics
Service usage metrics Yes
Metrics types The system provides reports blocks that provides usage metrics for final users.
Reporting types Reports on request

Resellers

Resellers
Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest Physical access control, complying with SSAE-16 / ISAE 3402
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Administrators can export data
Data export formats CSV
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability The System works in High-availability mode, SLA 99%, all refunds are specified in contracts
Approach to resilience Hosting provider of eviFile provides >99.5% of SLA on their resources. eviFile works in High Availability mode and provides 99% for software availability.
Outage reporting Email and sms alerts

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication Username or password
Access restrictions in management interfaces and support channels On firewall level for particular IP addresses
Strict lock-out accounts mechanisms to prevent any brute forces
Access restriction testing frequency At least every 6 months
Management access authentication Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users receive audit information on a regular basis
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach Developed own IDS SDLC defines security governance on all stages of development and maintenance including regular web security analysis on eviFile and regular infrastructure security review.
Information security policies and processes NIST Publication. Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths
NIST Digital Signature Standard (DSS)
UK Government electronic signatures guide
Own IDS SDLC for development (https://s3-eu-west-1.amazonaws.com/ids-security/IDS_SDLC.pdf)

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach All changes pass quality assurance in test and staging environment before going live, policy for working with different source control branches allows responding quickly on any found security vulnerability.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Defined by internal policies that include regular vulnerabilities and patch scans, antivirus support, risk management
Risk for all potential threats are estimated according to OWASP Risk Rating Methodology https://www.owasp.org/index.php/OWASP_Risk_Rating_Methodology
Development of critical patches is based on estimated risks and can be started on the same day as found vulnerability
Own IDS SDLC process (https://s3-eu-west-1.amazonaws.com/ids-security/IDS_SDLC.pdf) defines collecting potential threats and define their mitigations on all stages of development (Define, Design, Develop, Test, Deploy, Maintain).
Protective monitoring type Supplier-defined controls
Protective monitoring approach Regular web security analysis based on OWASP Testing methodology and infrastructure security reviews allows to support security on high level
Dhound.io product (intrusion detection system) allows receiving quickly alerts about suspicious activities on servers
Incident management type Undisclosed
Incident management approach Developed response plan defines response time on user concerns, assessing issues, responsible people. eviFile provides email and phone support for final users. Work with incidents is private between eviFile and users.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks No

Pricing

Pricing
Price £5 to £100 per person per month
Discount for educational organisations No
Free trial available No

Documents

Documents
Pricing document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑