This G-Cloud 10 service is no longer available to buy.

The G-Cloud 10 framework expired on Tuesday 2 July 2019. Any existing contracts with KOIOS TECHNOLOGY LTD are still valid.
KOIOS TECHNOLOGY LTD

Long term CCTV cloud storage, remote access and analytics platform

SaaS solution to encrypt and transfer CCTV video data into secure cloud storage for remote and near-real-time access of an unlimited number of sites, unlimited number of cameras, stored for an unlimited period. Complete turnkey SaaS service with no upfront Capex. Off-network and runs alongside existing on-site recording solutions.

Features

  • Cloud storage
  • CCTV
  • CCTV remote access
  • GDPR compliance
  • Secure CCTV storage
  • Unlimited cloud CCTV storage

Benefits

  • GDPR compliance
  • Real-time video storage
  • Insurance claim defence
  • Unlimited cloud CCTV storage

Pricing

£7.50 a unit a month

  • Education pricing available
  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at <removed>@9d90aa1e-8580-476c-9d8f-9d7f1cba8615.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 10

Service ID

7 8 0 8 4 0 3 7 9 3 6 0 0 1 5

Contact

KOIOS TECHNOLOGY LTD <removed>
Telephone: <removed>
Email: <removed>@9d90aa1e-8580-476c-9d8f-9d7f1cba8615.com

Service scope

Software add-on or extension
No
Cloud deployment model
Private cloud
Service constraints
Nil
System requirements
  • Any current generation web browser
  • No specific hardware requirements
  • High speed internet connection (upload and download)

User support

Email or online ticketing support
Email or online ticketing
Support response times
Within 2 hours 0900-1700 Monday to Friday. Other SLA times and weekend coverage available by separate negotiation.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
WCAG 2.0 AAA
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
As a self-service SaaS platform, minimal support is required. However, first and second line user support is available 0900-1700 Monday to Friday by email ticket and telephone within the UK. Detailed technical support for integration and API access is also available via a dedicated Technical Manager interface within the software engineering team. The aforementioned support levels are delivered at no additional cost. Additional cost support options are available for out of hours and weekend cover by ticket and telephone. On-site support is available at an additional cost and by agreement.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Full user documentation, online training and educational video resources are provided to get users up and running. User accounts can be created and email distributed to the buyers employees.
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
Cloud transfer egress arrangement.
End-of-contract process
There are no end of contract costs, this is a true SaaS solution with no additional costs.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
No
Designed for use on mobile devices
No
Accessibility standards
WCAG 2.0 A
Accessibility testing
None, but planned for Q3 2018 via an approved accessibility UX testing organisation.
API
Yes
What users can and can't do using the API
A RESTful API is provided for authenticated and automated submission of videos for redaction and return of the redacted video. Full enterprise integration support is provided to the buyer if utilising the API method of access.
API documentation
Yes
API documentation formats
PDF
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
For large volume clients the user interface and deployed domain can be branded and customised to the buyers corporate style guidance and image.

Scaling

Independence of resources
Infrastructure is built upon a genuinely elastic computing (EC) platform that will limitlessly scale to real-time (sub-second) demand ensuring that peak demand from one user class cannot impact the performance of the application across all users.

Analytics

Service usage metrics
Yes
Metrics types
Number of active users
Number of sites
Number of cameras
Number of logged incidents
Reporting types
Real-time dashboards

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process
Yes
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Users can export their data to a location of their choice from within the platform. The solution provides redaction/pixelation tools for all exported video data to ensure compliance with GDPR.
Data export formats
Other
Other data export formats
  • AVI
  • MP4
Data import formats
Other
Other data import formats
  • AVI
  • MP4

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
Financially backed SLA provides guaranteed 99.99% uptime availability on a 24/7 365 basis. Any aborted transactions due to downtime will be automatically refunded to the user at 100% of the invoiced service cost.
Approach to resilience
In order not to breach non-disclosure agreements signed with our Tier1 data centre and Google Cloud Platform; this information is available on request.
Outage reporting
A private dashboard is available to all users, coupled with automated email alerts of service outage status and ETBOL (Estimated Time Back Online) information.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels
Full granular User level Access Control (UAC) is implemented throughout the application ensuring user-based access control rules and logic for separation of user, admin and reporting functions.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Username or password

Audit information for users

Access to user activity audit information
Users receive audit information on a regular basis
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users receive audit information on a regular basis
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
EY CertifyPoint
ISO/IEC 27001 accreditation date
11/05/2012
What the ISO/IEC 27001 doesn’t cover
Nil
ISO 28000:2007 certification
No
CSA STAR certification
Yes
CSA STAR accreditation date
05/01/2017
CSA STAR certification level
Level 1: CSA STAR Self-Assessment
What the CSA STAR doesn’t cover
Nil
PCI certification
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
The entire organisation has adopted ISO27001 for Information Security and conducts regular continuous personal development (CPD) training to ensure that staff members remain current and aware of best practice and company security policy. Senior Software Engineers have line responsibility for security within their development teams, reporting to the CTO who is the Board level responsible Officer for security. An independent Security Manager is responsible for maintenance and compliance of all aspects of our ISO27001 Security Management Plan.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
All product development is conducted in a non-production (staging and testing) environment with a granular Software Version Notation (SVN) solution providing full rollback and reversion capacity, coupled with pre-deployment version release notes. The system allows full control of pre-staging and pre-deployment testing and detailed notation and archive storage of all versions and iterations of the software as it progresses through the Digital by Default software development lifecycle.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Threats are assessed by: [1] robust internal whitehat vulnerability testing [2] user reported threats and [3] independent external penetration testing. Patches are deployed within 1 business day for critical patches. Independent threat information is provided by subscription services from McAfee and Google Cloud Platform.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Internal whitehat testing is coupled with external vulnerability and compromise monitoring and explicit proactive testing to form a multi-layered compromise monitoring system. Our response to a compromise is always [1] immediate disclosure [2] rapid patch and hotfix development followed by [3] slower deep analysis of the root cause of the compromise and an engineering review meeting to ensure the compromise is not a broader issue within the software solution.
Incident management type
Supplier-defined controls
Incident management approach
Pre-defined processes exist for common events including, but not limited to, DOS and DDOS attacks, network saturation and MITM attacks. Users are able to report incidents via a 24/7 portal which is also the location for status updates and intra/post-incident reports.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
No

Pricing

Price
£7.50 a unit a month
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
For large enterprise customers a 3 month free trial is provided for a single site with up to 8 cameras.

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at <removed>@9d90aa1e-8580-476c-9d8f-9d7f1cba8615.com. Tell them what format you need. It will help if you say what assistive technology you use.