Reveal Media Limited

DEMS 360 Digital Evidence Management Solution

Reveal has been making award-winning and efficient body worn video systems for over a decade. Our commitment has always been to lead the way through collaboration and innovation.
DEMS 360 is our most advanced digital evidence management solution that allows you to efficiently and securely manage all evidential media types.


  • Upload and manage all digital evidence including video, audio, images
  • Share digital evidence with colleagues, CPS or external partners
  • Case Support lets you group and manage related evidentiary files
  • Automated redaction as a built-in tool
  • Secure audit trail to ensure evidential transparency
  • In field review and categorisation of evidence
  • Active directory integration and set up user roles
  • Advanced search to find evidence files easily
  • Access DEMS 360 Cloud securely anywhere using any device
  • Sophisticated reporting tools to aid evidence management


  • One single secure repository for all your digital evidence files
  • Seamlessly and securely share evidence online with teams/externally
  • Case management made easy through grouping related evidentiary files
  • Automatic notification for live streams
  • Simple and easy to use, automated redaction overcomes privacy concerns
  • Maintain evidential integrity with tamper proof audit trail
  • Review video add notes and categorise evidence in the field
  • Easily set up users and control permissions
  • Scalable and cost-effective cloud storage solutions


£13.25 to £99 per licence per month

  • Free trial available

Service documents

G-Cloud 10


Reveal Media Limited

Reveal Sales Team

0203 890 2000

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Public cloud
Service constraints No major constraints.
System requirements
  • Internet connectivity
  • Internet browser (Chrome, IE or Edge)

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Service incidents are prioritised as follows:
- P1 Software not operational and severe business impact.
- P2 Software operational but functionality/business significantly impacted.
- P3 Software operational but adverse business impact.
- P4 Enhancement request or query.
Reveal uses commercially reasonable efforts to respond to incidents in a timely manner based on the incident priority. Enhanced SLAs, including defined response times for resolution plans and 24x7 support, are available as optional service enhancements.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support Web chat
Web chat support availability 9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard None or don’t know
How the web chat support is accessible Available directly via Reveal website.
Web chat accessibility testing None to date.
Onsite support Yes, at extra cost
Support levels In addition to our standard support service 9 to 5 (UK time), Monday to Friday, enhanced SLAs and 24x7 support services are available for additional charges.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started We provide onsite training supported with video training materials and user documentation.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction We have an export utility which allows the customer to export their digital evidence files and associated metadata in industry standard format.
End-of-contract process Customers will be provided with an option to extend or renew their contract no later than 90 days before the end date. If they elect not to do so, customers are free to download and export their data at any point before the end of the contract. In addition, upon request, Reveal will continue to store a customer's data for a period of up to 90 days following the end of the contract. During this period, the customer will be provided with access to the DEMS 360 service in order to download or export the customer's data. Following this period, Reveal will promptly delete any remaining customer data and, upon request, provide the customer with written confirmation that the customer data has been deleted. Reveal reserves the right to charge the customer reasonable fees for (a) storing, downloading or exporting the customer data during the period requested by customer and (b) for any assistance provided by Reveal in the downloading or exporting of the customer data.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Chrome
Application to install Yes
Compatible operating systems
  • Android
  • Windows
Designed for use on mobile devices Yes
Differences between the mobile and desktop service DEMS 360 operates on desktop and mobile devices (mobile phones, tablets).
Accessibility standards None or don’t know
Description of accessibility Our application uses a modern Web UI that is easily accessible.
Accessibility testing None to date.
What users can and can't do using the API APIs are used by DEMS 360 to communicate between the different DEMS 360 applications, database and storage.
Access and documentation to the API’s is available on a case by case basis determined by Reveal Media.
Users make changes through the API in accordance with the documentation.
API documentation Yes
API documentation formats PDF
API sandbox or test environment Yes
Customisation available No


Independence of resources Each customer is provided with its own virtual server.


Service usage metrics Yes
Metrics types DEMS 360 provides reports on usage patterns.
Reporting types
  • Regular reports
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Supplier-defined controls
Penetration testing frequency At least once a year
Penetration testing approach ‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach We allow customers to download all the data they have stored in the Cloud.
Data export formats Other
Other data export formats
  • All uploaded digital evidence in original formats
  • XML
Data import formats Other
Other data import formats
  • Comprehensive list of digital formats supported for upload.
  • XML

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability We use commercially reasonable efforts to ensure a minimum 99.9% service offering.
Approach to resilience Evidential data in your storage account is always replicated to ensure durability and high availability. Locally redundant storage (LRS) is offered as standard and Geo-redundant storage (GRS) is available at additional cost.
Outage reporting E-mail alerts are sent to system administrators when service outages are identified.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels Access to the Cloud environment, data and applications is managed by federating user identities to Active Directory or any standard federation and enabling Azure Multi-Factor authentication for more secure sign-in. Additional users are managed by each Force’s IT Administrator via Active Directory.
Reveal can use any Active Directory Federation Service (ADFS) if the Force does not have Azure Active Directory.
Access restriction testing frequency Less than once a year
Management access authentication
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Other

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 IT Governance Ltd
ISO/IEC 27001 accreditation date 2018
What the ISO/IEC 27001 doesn’t cover General business and administration functions not directly related to the Cloud offering.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications Police Approved Secure Facility (PASF)

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes We have an Information Security Policy that is compliant with the requirements of ISO 27001. We have an Information Security Officer who implements this policy and an Internal Compliance Officer who ensure compliance to the policy. Incidents of non-compliance are escalated to a Board representative.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Our processes for configuration and change management comply with ISO 27001.
Vulnerability management type Supplier-defined controls
Vulnerability management approach We carry out regular penetration testing using independent and qualified third parties. Patches are deployed in a timescale that reflects the severity of the threat/vulnerability.
Protective monitoring type Supplier-defined controls
Protective monitoring approach We use a range of methods to detect potential compromises. The response procedure and timing reflect the nature of the compromise.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach Customers can log incidents via our online fault report form or email (24/7) or via phone (during office business hours).

• All cases are managed by our in house support desk and recorded on our incident tracking tool.
• All open cases are monitored against pre-defined SLA’s.
• The support desk issue service reports to customers either upon request (for small accounts) or pre-agreed intervals (usually either monthly or quarterly) for larger accounts
• Service review meetings are chaired by a Reveal Service Delivery Manager and are part of our service offering.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks No


Price £13.25 to £99 per licence per month
Discount for educational organisations No
Free trial available Yes
Description of free trial Free trials can be provided subject to scoping.


Pricing document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑