Long term CCTV cloud storage, remote access and analytics platform
SaaS solution to encrypt and transfer CCTV video data into secure cloud storage for remote and near-real-time access of an unlimited number of sites, unlimited number of cameras, stored for an unlimited period. Complete turnkey SaaS service with no upfront Capex. Off-network and runs alongside existing on-site recording solutions.
Features
- Cloud storage
- CCTV
- CCTV remote access
- GDPR compliance
- Secure CCTV storage
- Unlimited cloud CCTV storage
Benefits
- GDPR compliance
- Real-time video storage
- Insurance claim defence
- Unlimited cloud CCTV storage
Pricing
£7.50 a unit a month
- Education pricing available
- Free trial available
Service documents
Request an accessible format
Framework
G-Cloud 10
Service ID
7 8 0 8 4 0 3 7 9 3 6 0 0 1 5
Contact
KOIOS TECHNOLOGY LTD
<removed>
Telephone: <removed>
Email: <removed>@9d90aa1e-8580-476c-9d8f-9d7f1cba8615.com
Service scope
- Software add-on or extension
- No
- Cloud deployment model
- Private cloud
- Service constraints
- Nil
- System requirements
-
- Any current generation web browser
- No specific hardware requirements
- High speed internet connection (upload and download)
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- Within 2 hours 0900-1700 Monday to Friday. Other SLA times and weekend coverage available by separate negotiation.
- User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- WCAG 2.0 AAA
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- No
- Onsite support
- Yes, at extra cost
- Support levels
- As a self-service SaaS platform, minimal support is required. However, first and second line user support is available 0900-1700 Monday to Friday by email ticket and telephone within the UK. Detailed technical support for integration and API access is also available via a dedicated Technical Manager interface within the software engineering team. The aforementioned support levels are delivered at no additional cost. Additional cost support options are available for out of hours and weekend cover by ticket and telephone. On-site support is available at an additional cost and by agreement.
- Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
- Full user documentation, online training and educational video resources are provided to get users up and running. User accounts can be created and email distributed to the buyers employees.
- Service documentation
- Yes
- Documentation formats
- End-of-contract data extraction
- Cloud transfer egress arrangement.
- End-of-contract process
- There are no end of contract costs, this is a true SaaS solution with no additional costs.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Internet Explorer 10
- Internet Explorer 11
- Microsoft Edge
- Firefox
- Chrome
- Safari 9+
- Opera
- Application to install
- No
- Designed for use on mobile devices
- No
- Accessibility standards
- WCAG 2.0 A
- Accessibility testing
- None, but planned for Q3 2018 via an approved accessibility UX testing organisation.
- API
- Yes
- What users can and can't do using the API
- A RESTful API is provided for authenticated and automated submission of videos for redaction and return of the redacted video. Full enterprise integration support is provided to the buyer if utilising the API method of access.
- API documentation
- Yes
- API documentation formats
- API sandbox or test environment
- Yes
- Customisation available
- Yes
- Description of customisation
- For large volume clients the user interface and deployed domain can be branded and customised to the buyers corporate style guidance and image.
Scaling
- Independence of resources
- Infrastructure is built upon a genuinely elastic computing (EC) platform that will limitlessly scale to real-time (sub-second) demand ensuring that peak demand from one user class cannot impact the performance of the application across all users.
Analytics
- Service usage metrics
- Yes
- Metrics types
-
Number of active users
Number of sites
Number of cameras
Number of logged incidents - Reporting types
- Real-time dashboards
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Conforms to BS7858:2012
- Government security clearance
- Up to Security Clearance (SC)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- ‘IT Health Check’ performed by a CHECK service provider
- Protecting data at rest
-
- Physical access control, complying with SSAE-16 / ISAE 3402
- Encryption of all physical media
- Scale, obfuscating techniques, or data storage sharding
- Data sanitisation process
- Yes
- Data sanitisation type
- Explicit overwriting of storage before reallocation
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001
Data importing and exporting
- Data export approach
- Users can export their data to a location of their choice from within the platform. The solution provides redaction/pixelation tools for all exported video data to ensure compliance with GDPR.
- Data export formats
- Other
- Other data export formats
-
- AVI
- MP4
- Data import formats
- Other
- Other data import formats
-
- AVI
- MP4
Data-in-transit protection
- Data protection between buyer and supplier networks
- TLS (version 1.2 or above)
- Data protection within supplier network
-
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
Availability and resilience
- Guaranteed availability
- Financially backed SLA provides guaranteed 99.99% uptime availability on a 24/7 365 basis. Any aborted transactions due to downtime will be automatically refunded to the user at 100% of the invoiced service cost.
- Approach to resilience
- In order not to breach non-disclosure agreements signed with our Tier1 data centre and Google Cloud Platform; this information is available on request.
- Outage reporting
- A private dashboard is available to all users, coupled with automated email alerts of service outage status and ETBOL (Estimated Time Back Online) information.
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- 2-factor authentication
- Username or password
- Access restrictions in management interfaces and support channels
- Full granular User level Access Control (UAC) is implemented throughout the application ensuring user-based access control rules and logic for separation of user, admin and reporting functions.
- Access restriction testing frequency
- At least every 6 months
- Management access authentication
-
- 2-factor authentication
- Username or password
Audit information for users
- Access to user activity audit information
- Users receive audit information on a regular basis
- How long user audit data is stored for
- At least 12 months
- Access to supplier activity audit information
- Users receive audit information on a regular basis
- How long supplier audit data is stored for
- At least 12 months
- How long system logs are stored for
- At least 12 months
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- EY CertifyPoint
- ISO/IEC 27001 accreditation date
- 11/05/2012
- What the ISO/IEC 27001 doesn’t cover
- Nil
- ISO 28000:2007 certification
- No
- CSA STAR certification
- Yes
- CSA STAR accreditation date
- 05/01/2017
- CSA STAR certification level
- Level 1: CSA STAR Self-Assessment
- What the CSA STAR doesn’t cover
- Nil
- PCI certification
- No
- Other security certifications
- No
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- ISO/IEC 27001
- Information security policies and processes
- The entire organisation has adopted ISO27001 for Information Security and conducts regular continuous personal development (CPD) training to ensure that staff members remain current and aware of best practice and company security policy. Senior Software Engineers have line responsibility for security within their development teams, reporting to the CTO who is the Board level responsible Officer for security. An independent Security Manager is responsible for maintenance and compliance of all aspects of our ISO27001 Security Management Plan.
Operational security
- Configuration and change management standard
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Configuration and change management approach
- All product development is conducted in a non-production (staging and testing) environment with a granular Software Version Notation (SVN) solution providing full rollback and reversion capacity, coupled with pre-deployment version release notes. The system allows full control of pre-staging and pre-deployment testing and detailed notation and archive storage of all versions and iterations of the software as it progresses through the Digital by Default software development lifecycle.
- Vulnerability management type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Vulnerability management approach
- Threats are assessed by: [1] robust internal whitehat vulnerability testing [2] user reported threats and [3] independent external penetration testing. Patches are deployed within 1 business day for critical patches. Independent threat information is provided by subscription services from McAfee and Google Cloud Platform.
- Protective monitoring type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Protective monitoring approach
- Internal whitehat testing is coupled with external vulnerability and compromise monitoring and explicit proactive testing to form a multi-layered compromise monitoring system. Our response to a compromise is always [1] immediate disclosure [2] rapid patch and hotfix development followed by [3] slower deep analysis of the root cause of the compromise and an engineering review meeting to ensure the compromise is not a broader issue within the software solution.
- Incident management type
- Supplier-defined controls
- Incident management approach
- Pre-defined processes exist for common events including, but not limited to, DOS and DDOS attacks, network saturation and MITM attacks. Users are able to report incidents via a 24/7 portal which is also the location for status updates and intra/post-incident reports.
Secure development
- Approach to secure software development best practice
- Conforms to a recognised standard, but self-assessed
Public sector networks
- Connection to public sector networks
- No
Pricing
- Price
- £7.50 a unit a month
- Discount for educational organisations
- Yes
- Free trial available
- Yes
- Description of free trial
- For large enterprise customers a 3 month free trial is provided for a single site with up to 8 cameras.