Axon Public Safety UK Limited

Evidence.com & Associated Applications/Tools

Evidence.com is a comprehensive digital asset management solution that streamlines data management and sharing within one secure platform. Our robust, cloud-based system stores all your data — from body-worn cameras to audio records — and processes it using features like redaction and CAD/RMS integration.

Features

  • Upload and manage data in any format, eliminate data silos
  • Automatically ingest Axon/TASER data, and manage devices
  • Annotate with custom metadata fields and free text tags
  • Intelligent, comprehensive search engine for all system entities
  • Secure, digital sharing to the Crown or other stakeholders
  • Audit and report on all system access, actions, entities, usage
  • Integrate with existing systems to complement operations
  • Active Directory integrated deployment, groups and reporting
  • Robust, automated and manual redaction tools
  • Collaboration, request access, and case management tools

Benefits

  • Dictate access to features and assets at a granular level
  • Configure automated tagging to trigger workflows (retention, access, search-ability)
  • Instant, cost-effective scaling of storage and resources
  • Multiple layers of redundancy across physically separate datacentres, disaster recovery
  • Preserve chain of custody, originals never altered, HAS-2 hash verification
  • Manage users, assets, devices, cases and metadata from one application
  • Playback, redact, transcribe, make clips, enhance within application; maintaining original
  • Sychronised playback up to four videos from multiple vantage points
  • Significant R&D incorporating ethical machine learning and artificial intelligence
  • Automated updates and improvements pushed monthly, early access options

Pricing

£150 to £365 per licence per year

Service documents

Framework

G-Cloud 11

Service ID

7 6 0 1 2 8 2 0 4 7 9 8 7 1 4

Contact

Axon Public Safety UK Limited

Matthew Spencer

07973 887 938

tenders@axon.com

Service scope

Service scope
Software add-on or extension Yes, but can also be used as a standalone service
What software services is the service an extension to Evidence.com is a standalone Digital Asset Management System, however it is intrinsically connected with Axon solutions such as body worn cameras, interview room, and Fleet. Evidence.com acts as the data repository, configuration, and management interface of these connected solutions. Axon supports bundling these solutions together with Evidence.com licenses, if desired.
Cloud deployment model Community cloud
Service constraints The only requirement for accessing Evidence.com is a modern web browser and internet connection. Connected & associated mobile software applications require current iOS or Android software.
System requirements
  • A modern web browser (supported browsers listed in service description)
  • License for application in accordance with provided service definition
  • Additional Add-On Features included in licenses for access to them

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Response times vary based on the severity of the ticket.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support Onsite support
Support levels Axon provides a support guarantee in the form of a Service Level Agreement. This is a contractual commitment to customers in terms of application uptime (99.99%) and customer service response and resolution times. To prioritize support, Axon categorizes issues into severity levels. Severity 1: Business critical function is down, Material impact to Customer's business, no workaround exists. Severity 2: Business critical function is impaired or degraded, there are time sensitive issues that materially impact ongoing production, Workaround exists, but it is only temporary. Severity 3: Non-critical function down or impaired, does not have significant current production impact, performance is degraded. Please see https://uk.axon.com/trust/security/evidence/sla for details.
Axon provides a dedicated Account Manager (AM) with technical experience and access to systems engineers and other technical resources if needed. The AM is a post-deployment resource that will have comprehensive knowledge of the customer’s solution including all customisations. They are available for high level support and will serve as a liaison voicing customer feedback and comments to the Axon product teams. Using that feedback, we are able to adjust future developments, operations, and support strategies to ensure your ongoing satisfaction.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started A typical implementation will include interactive Train the Trainer sessions onsite. During initial project scoping a training workshop will take place that will allow Axon to create a custom training plan tailored to the customer’s desired use of the system. Training courses can be customised so users receive personalised training for their role. Axon will provide all system manuals, quick start guides, and training documents to the customer to use at their convenience for other training needs.

Additionally, Axon developed a platform available for training and refresher courses. Axon Academy is a comprehensive learning management system that brings together our product resources and our industry expertise to provide robust training and refresher resources. This ensures officers continue to operate the system confidently, and understand new functionality when available to incorporate them into your workflow to best improve your operations. Axon Academy provides e-learning modules, virtual training courses, and certification courses. These vary in length and include self-learning resources so users can go at their own pace.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction Customers own their own data at all times, so data can be extracted at any point. This process can be facilitated in a number of ways including the bulk export feature native to the application. The simplest method for data/metadata migration is via system APIs. Axon’s API manual will be made available upon request, which details steps for developers to follow for this contingency. Migration is secure and can be validated with the cryptographic hash applied to all assets stored in Evidence.com ensuring there is no loss or corruption of data. Data is available for up to ninety (90) days to support migration to a new location. After this 90-day period or upon notification from customer, Axon will delete all customer content stored on Evidence.com services. This deletion occurs on all media in which customer content is stored.
End-of-contract process At the end of the contract an exit plan will commence. Axon’s support teams that are generally available to the customer will be available to support post-termination data retrieval including providing Axon’s API manual and support in use of the application’s native export tools at no additional cost. Additional support for migration such as Axon’s Data Migration Services, can be provided for an additional cost as described in the pricing sheet.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service Evidence.com is browser based so it operates with the behaviour of the device running the browser. The application incorporates various web development styles to ensure all key information is visible logically regardless of the device used to access it.
Service interface Yes
Description of service interface In addition to Axon’s customer support division, which includes live phone support: The Axon Help Center is accessible from any standard web browser, and you do not need to be logged in to Evidence.com in order to access it. The Help Center provides a central location for product documentation, frequently asked questions, and troubleshooting tips for working with TASER devices, Axon devices, and Axon software and applications.
Accessibility standards None or don’t know
Description of accessibility The Axon Help Center is accessible from any standard web browser, and you do not need to be logged in to Evidence.com in order to access it. The Help Center provides a central location for product documentation, frequently asked questions, and troubleshooting tips for working with TASER devices, Axon devices, and Axon software and applications.

If you can’t find the information you need in the Help Center, you can also contact customer support via phone or submit a ticket via email from www.help.axon.com.
Accessibility testing Axon has not conducted any formal testing to date on this technology.
API Yes
What users can and can't do using the API The Evidence.com Partner API is a toolkit of RESTful resources that provide programmatic read/write access to various Evidence.com entities and their attributes held in the application. The Partner API can be used to send/retrieve data from other systems. Axon’s API manual will be made available upon request, which details steps to develop an API client for an existing system. Additionally, Axon can provide professional services for the development of an API client allowing customers to set up integrations between their various systems and Evidence.com. Depending on the nature and extent of the integration, Axon can set limitations and a change management plan for any changes that will be documented in a scope of work beforehand.
API documentation Yes
API documentation formats PDF
API sandbox or test environment Yes
Customisation available Yes
Description of customisation Evidence.com is highly customisable to the needs and desired use of customers. Administrators have a dedicated interface where they can access administrative controls including configurations. Administrative controls are broken into sections: users, agency, devices, and security. All components of system access to content and features are configurable at a granular level in the form of role based access control. Organisations can create user roles and groups within the application, or integrate with their Active Directory enabling single sign on. It also supports automatic user provisioning via the System for Cross-domain Identity Management (SCIM) protocol for Azure Active Directory users. The application supports the creation of custom metadata fields to annotate and search digital assets, security settings such as password management and IP restrictions can all be customised all from the application’s interface. The Axon ecosystem supports connected hardware (TASERS, body cameras, in-car cameras, interview room solutions, etc.) that can all be connected to and configured from the application. The ability to configure or customise these components is a user right within the application, so customers can dictate who can customise.

Scaling

Scaling
Independence of resources Evidence.com was designed and is operated to run as a multi-tenant hyper scalable cloud environment. Site reliability teams monitor system capacity and utilization to ensure users are not affected by the demand of others. The service is designed to quickly scale to meet increased utilization.

Analytics

Analytics
Service usage metrics Yes
Metrics types Evidence.com can display metrics on system usage by user, group, volume of data, data type (format), licenses, types of information (organised by customisable metadata fields), device information (when connected with TASERs or Axon camera solutions). Evidence.com provides dashboards, native reports, search result exports, and audit trails to detail system usage metrics.

Also, with Axon Performance - Police Forces can have reporting that proactively informs supervisors of officers in need - information that is always up to date in near-real time, enabling proactive & immediate responses.
Reporting types
  • API access
  • Real-time dashboards
  • Reports on request

Resellers

Resellers
Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least every 6 months
Penetration testing approach ‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
  • Other
Other data at rest protection approach Evidence data at rest is protected with 256-bit AES encryption, multiple layers of redundancy, and stored in a geographically separate datacentre. Axon also has finely tuned web application firewalls, we leverage security intelligence tools for continuous monitoring, and deploy layers of defence to detect and react to any malicious activity. In addition to annual 'IT Health Check' performed by a CHECK service provider, Axon's security team oversees frequent vulnerability scans and at least quarterly penetration tests performed by experts and vetted third-party security firms. Regular updates and patches and pushed seamlessly ensuring data is safeguarded to the highest security standards.
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Customers own their own data, so data can be extracted at any point. This process can be facilitated in several ways including the bulk export feature native to the application. This is managed through the application’s interface and is subject to the roles and permissions configured by the customer. The simplest method for mass data/metadata migration is via system APIs. Axon’s API manual will be made available upon request, which details steps for developers to follow. Migration is secure and can be validated with the cryptographic hash applied to all assets stored in Evidence.com.
Data export formats
  • CSV
  • Other
Other data export formats Data is exported in its original format
Data import formats
  • CSV
  • Other
Other data import formats All standard data formats

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Other
Other protection between networks Data Encryption in Transit:
- FIPS 140-2 validated: Axon Cryptographic Module (cert #2878)
- TLS 1.2 implementation with 256 bit connection, RSA 2048 bit key, Perfect Forward Secrecy
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Other
Other protection within supplier network The internal network is segmented into subnets which are designed and configured to only allow for traffic for required services.

Availability and resilience

Availability and resilience
Guaranteed availability Axon is committed to make the Evidence.com service offerings available at least 99.99% of the time with different tiers of service credits offered in relation to the uptime percentage achieved. For more information on our robust service level commitments, please see https://uk.axon.com/trust/security/evidence/sla
Approach to resilience Evidence.com leverages infrastructure as a service (IaaS) cloud providers and layers of additional resiliency and redundancy measures on top of these services to provide application resiliency including geographic, connectivity, hardware, and data failover.
Outage reporting Evidence.com is monitored by a dedicated site reliability team to identify outages or degradation to services. If a significant outage occurs, Axon will initiate an email to system administrators in affected regions. Email updates will be provided through outage resolution.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
Other user authentication As an additional level of authentication, customers can specify IP addresses and ranges of IP addresses authorised to their Evidence.com tenant. Evidence.com supports this functionality through the application interface simplifying management and allowing customers to adjust these as necessary. With IP restrictions enabled, customers are still required to authenticate using credentials.
Access restrictions in management interfaces and support channels Access to assets and functions is granularly defined at the role level by customers. The system has a dynamic interface, so users will only see the functions they have access to. For example, a user without Administrator permissions, will not see the “Admin” tab. When searching for assets, users can view only limited text fields of files they do not have access to. This enables a “request access” feature controlling duration and what the user can do with the asset.
Access restriction testing frequency At least once a year
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
Description of management access authentication As an additional level of authentication, customers can specify IP addresses and ranges of IP addresses authorised to their Evidence.com tenant.

Evidence.com supports this functionality through the application interface simplifying management and allowing customers to adjust these as necessary. With IP restrictions enabled, customers are still required to authenticate using credentials.

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 EY CertifyPoint
ISO/IEC 27001 accreditation date 20/11/2015
What the ISO/IEC 27001 doesn’t cover To review certification and scoping, please see https://uk.axon.com/trust/compliance
ISO 28000:2007 certification No
CSA STAR certification Yes
CSA STAR accreditation date 20/12/2017
CSA STAR certification level Level 2: CSA STAR Attestation
What the CSA STAR doesn’t cover To review certification and scoping, please see https://uk.axon.com/trust/compliance
PCI certification No
Other security certifications Yes
Any other security certifications
  • ISO/IEC 27018:2014 Certified
  • Cyber Essentials Certified
  • AICPA SOC 2 Type II reporting

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards
  • CSA CCM version 3.0
  • ISO/IEC 27001
  • Other
Other security governance standards -ISO/IEC 27001:2013 Certified
-ISO/IEC 27018:2014 Certified
-CSA STAR Attestation
-UK Cloud Security Principles
-Cyber Essentials Certified
-AICPA SOC 2 Type 2 reporting
We are continually building our compliance and trust program, please see our website for a comprehensive list: https://uk.axon.com/trust/compliance
Information security policies and processes Axon has a dedicated Information Security department, lead at the executive level by our Chief Information Security Officer (CISO). A team of security analysts, engineers, and compliance specialists maintain our information security policies, programs and processes to ensure the ongoing effectiveness and improvement of Axon's Information Security Management System (ISMS).

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach Axon maintains configuration and change management procedures to ensure all changes to the Evidence.com service are carried out in a planned, well-documented, repeatable, and authorised manner for the application and its supporting infrastructure.
Procedures are implemented to define the development and lifecycle of products and to ensure all changes adhere to the Axon policies and procedures. Development of new features, products and major changes to Evidence.com follow a Secure System Development lifecycle. Axon Change Management Procedures are implemented which outline change authorization processes including ISO 9001 compliant Quality Assurance (QA) testing and approval requirements.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach Axon conducts regular vulnerability assessments to improve Evidence.com and Axon security controls and processes. Identification programs for Evidence.com include frequent vulnerability scans and at least quarterly penetration tests performed by highly specialised teams and vetted by 3rd party security firms, including an annual IT Health Check. All identified vulnerabilities are evaluated by the Axon Information Security team, assigned risk and remediation time frames, and tracked through remediation. Axon also maintains a system patching policy which establishes requirements for timely patching of software. Threats are identified and managed by a dedicated Axon security operations team.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach Axon has deployed protective monitoring that adheres to National Cyber Security Centre (NCSC) guidance for security monitoring. Axon leverages a suite of technologies to collect, aggregate, monitor and analyse security logs and to track the ongoing effectiveness of protective security measures.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach Axon has deployed incident management processes that include multi-step incident response processes and instructions for incident notification. Steps include incident identification, containment, eradication, recovery and post incident analysis.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks Yes
Connected networks Public Services Network (PSN)

Pricing

Pricing
Price £150 to £365 per licence per year
Discount for educational organisations No
Free trial available Yes
Description of free trial We can create a dedicated demo account with full functionality. We offer bespoke trial scopes and periods depending on your organisation's needs.
Link to free trial Please contact jeremy@axon.com

Service documents

Return to top ↑