Evolution Artificial Intelligence ltd

Evolution AI Transcribe & Classify - Public Cloud

An Artificial Intelligence based Natural Language Processing software that enables the automated extraction and classification of structured data from unstructured data sources such as word documents, pdfs, web pages, xml files, scanned documents and other.


  • Flexible input: word, pdf, web pages, document scans
  • Export to multiple database and knowledge base formats
  • Big data processing capabilities
  • Secure Public cloud/Private cloud/Hybrid cloud or on premise deployment
  • Named Entity Recognition (NER) and text classification


  • Extract structured data from unstructured sources automatically
  • Classify data according to predefined classes
  • Increase staff ability to process documents
  • Clear up paperwork backlogs
  • Draw new understanding from your stored data


£1600 per user per month

Service documents

G-Cloud 10


Evolution Artificial Intelligence ltd

Rafal Kwasny

+44 207 0417121


Service scope

Service scope
Software add-on or extension No
Cloud deployment model Public cloud
Service constraints We reserve the right to perform planned maintenance activities with prior notification.
System requirements
  • Annual License
  • Usage within a data allowance

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Within 1 hour Mondays-Fridays 9am-5pm
User can manage status and priority of support tickets Yes
Online ticketing support accessibility WCAG 2.0 AA or EN 301 549
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support Web chat
Web chat support availability 9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard WCAG 2.0 AA or EN 301 549 9: Web
Web chat accessibility testing All delivered user facing web interfaces are WCAG 2.0 AA compliant, in our software development lifecycle we enforce accessibility standards and periodically test together with assistive technology users.
Onsite support Yes, at extra cost
Support levels Basic Level
A basic level of support is included in all standard contracts. For each contract a Technical Account Manager is appointed.
We provide 9-5 Business Days support with 1-hour initial response to critical issues.

Basic Level + On-site support
Additional on-site support is charged at our published SFIA rate card.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started We provide extensive consultancy during project initiation. This includes system configuration, onsite training, support and user training and documentation.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction Transcribe is essentially a data extraction tool, so users are extracting data as they use it. Individual projects can be set up and stored on the system, and when the contract ends, the user can simply download all this data, in open JSON format. We can provide assistance in this matter.
End-of-contract process We charge an annual subscription based on the number of users.
Included in the price is a team data allowance.
If the data allowance is used up extra data can be purchased.
Consultancy work and project planning are additional to the contract and are chargeable at our day rate.
At the end of the contract access to the system is suspended.
All data stored on our system at the point of contract end can be downloaded in an open format (JSON), or the subscription renewed. After contract termination data will be permanently removed.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices No
Accessibility standards WCAG 2.0 AA or EN 301 549
Accessibility testing All delivered user facing web interfaces are WCAG 2.0 AA compliant, in our software development lifecycle we enforce accessibility standards. All supplied web interfaces are tested by independent accessibility consultants.
What users can and can't do using the API We provide an industry standard REST api to interact with our systems.
API documentation Yes
API documentation formats
  • HTML
  • PDF
API sandbox or test environment Yes
Customisation available Yes
Description of customisation Our systems can be customised to suit specific client needs. All customisation should be performed by authorised consultants.


Independence of resources 'Transcribe & Classify' can be hosted using a workload management strategy on scalable systems. Each user gets a dedicated instance/amount of CPU processing capacity. Autoscaling is built into our hosting, ensuring that system resources increase depending on the number of users that are logged on.


Service usage metrics Yes
Metrics types System metrics for precision, recall and F1 will be measured during the setup phase of using 'Transcribe & Classify'. This determines when the system is ready to go into production mode and run on batches of documents.

Batch reports are prepared for each system run covering precision, recall and F1 metrics, as well as numbers of records processed, rows of data extracted.
Reporting types Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
User control over data storage and processing locations Yes
Datacentre security standards Managed by a third party
Penetration testing frequency At least every 6 months
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach Outputs generated can be exported to downstream systems such as SQL databases e.g. MySQL, or a graph database standard e.g. NEO4J.
Raw data in open and documented JSON format is also provided.
Data export formats
  • CSV
  • ODF
  • Other
Other data export formats
  • SQL
  • NEO4J
Data import formats
  • CSV
  • ODF
  • Other
Other data import formats
  • Jpg
  • .doc
  • Html
  • Xml
  • Json
  • Pdf

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Availability and resilience
Guaranteed availability We host our service on AWS, our SLA ensures monthly uptime percentage of at least 99.95%.
If services do not meet this standard in any one month, a service credit is offered to the user and used against the following month account balance, we extend these same terms to our service users.

Between 99-99.95% uptime, a service credit of 10% of the current month total for that service will be applied to the following month's account.
Below 99% availability, a service credit of 30% of the current month total for that service will be applied to the following month's account.
Approach to resilience Our datacentre setup is hosted on Amazon web services and our strategy and procedures for resilience are available on request.
Outage reporting System outages are reported via email alerts.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication Username or password
Access restrictions in management interfaces and support channels To be completed
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users receive audit information on a regular basis
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach Security governance is managed within the organisation through the CTO setting and documenting standards, protocols, and procedures.
Information security policies and processes Chief Technology Officer (or equivalent) is responsible for overseeing all aspects of information security, including but not limited to:
creating and distributing security policies and procedures
monitoring and analysing security alerts and distributing information to appropriate information security and business unit management personnel
creating and distributing security incident response and escalation procedures that include:
maintaining a formal security awareness program for all employees that provides multiple methods of communicating awareness and educating employees (for example, posters, letters, meetings)
System and Application Administrators shall:
monitor and analyse security alerts and information and distribute to appropriate personnel
administer user accounts and manage authentication
monitor and control all access to data
maintain a list of service providers
ensure there is a process for engaging service providers including proper due diligence prior to engagement
maintain a program to verify service providers’ PCI-DSS compliant status, with supporting documentation
The Human Resources Office (or equivalent) is responsible for tracking employee participation in the security awareness program, including:
facilitating participation upon hire and at least annually
ensuring that employees acknowledge in writing at least annually that they have read and understand the company’s information security policy

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach We utilise a standard ITIL change management workflow. We ensure that all proposed changes are evaluated for their benefits and risks, and that all impacts are considered. We require that all changes are thoroughly tested and that each deployment includes a back-out plan to restore the state of the environment in the event that the deployment fails. Each change that occurs will be evaluated for its impact on security.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach Internal and external network vulnerability scans run at least quarterly and after any significant change in the network.

Annual internal vulnerability scans must be performed by internal staff or a 3rd party vendor and the scan process has to include that rescans will be done until passing results are obtained, or all High vulnerabilities as defined in PCI DSS Requirement 6.2 are resolved.

Annual external vulnerability scans must be performed. Scans conducted after network changes may be performed by the company’s internal staff. The scan process should include re-scans until passing results are obtained.
Protective monitoring type Undisclosed
Protective monitoring approach Our Vulnerability Management Policy states: "Evolution AI will run internal and external network vulnerability scans at least quarterly and after any significant change in the network (such as new system component installations, changes in network topology, firewall rule modifications, product upgrades).

Annual internal & external vulnerability scans must be performed by Evolution AI by internal staff or a 3rd party vendor ensuring passing results are obtained, or all High vulnerabilities as defined in PCI DSS Requirement 6.2 are resolved. Evolution AI maintains a Security Management / Incident Response Plan.
Incident management type Undisclosed
Incident management approach When a security incident occurs, or is suspected, the security officer should investigate as follows:
Try to identify at a high level what damage has been done.
Alert management and begin informing all relevant parties.
Start a written event log.
Limit the damage to your customers, your company, and preserve information about the attack.
If the attack affected computers, DO NOT use the computers: DO NOT log on to them, DO NOT turn them off. DO disconnect them from all networks and connections.
An incident report is then produced by the security officer.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks No


Price £1600 per user per month
Discount for educational organisations No
Free trial available No

Service documents

pdf document: Pricing document pdf document: Skills Framework for the Information Age rate card pdf document: Service definition document pdf document: Terms and conditions
Service documents
Return to top ↑