Meta Mission Data Limited

3SDL Cooperative ESM Operations (CESMO) Service

Cooperative ESM Operations (CESMO) exploit the benefits of using intercept data collected simultaneously on a target from different locations and orientations to rapidly and accurately geo-locate threats in a number of seconds. 3SDL provides CESMO Services through G-Cloud for Decision Support.


  • Users can combine collected intercept data and exploit the benefits
  • Users declare own platform ESM capability and availability for tasking
  • Users declare own platform position and status, updated periodically
  • Signals of Interest (SOI) publishing for Signals Identification Authority (SIA)
  • Collector ‘Tips’ where collectors disseminate detections of a SOI
  • Collector tuning where SIA tasks a group of collectors
  • Tune reporting where collectors generate line of bearing (LOB)
  • Triangulation where geolocation is based on multiple LOBs
  • Fused reporting where SIA reports with ID, parametric, error ellipse
  • Chat messaging, to supplement fixed format messaging


  • A more accurate location for the target
  • Location for target can be calculated in a shorter time
  • Geolocation can be calculated on a fleeting (pop-up) threat
  • STANAG 4658 compliant
  • Trialled at EX UNIFIED VISION 12 & 14
  • Actively used by Norway, Germany, Czech Republic and the Netherlands
  • Implements full CESMO AEDP-13 functionality
  • Emulator facility
  • Self-synchronisation with multiple CESMO Hub Services
  • Feature rich Graphical User Interface (GUI)


£3000 to £25000 per instance

  • Free trial available

Service documents


G-Cloud 11

Service ID

8 8 8 9 1 4 2 5 8 1 1 4 4 6 7


Meta Mission Data Limited

Meta Mission Data Limited Frameworks Team

01684 878 170

Service scope

Software add-on or extension
Cloud deployment model
Private cloud
Service constraints
System requirements

User support

Email or online ticketing support
Email or online ticketing
Support response times
Within 4 hours, Monday to Friday. 48 hours at the weekend.
User can manage status and priority of support tickets
Online ticketing support accessibility
None or don’t know
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Onsite support
Yes, at extra cost
Support levels
Our support services are coordinated through a technical account manager, assigned to specific buyers/customers. The account manager will select the support level required based upon the client requirements. The basic level of support provides telephone and e-mail support during normal business working hours as a standard part of the service, the cost being in accordance with the rate card.
Support available to third parties

Onboarding and offboarding

Getting started
The service includes onsite training, online training and user documentation.
Service documentation
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
The user is provided with an encrypted archive containing their data in an open, international format.
End-of-contract process
At the end of the contract the user's data is archived, sent to the user and removed from the service. The service is then closed down.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
Compatible operating systems
Designed for use on mobile devices
Service interface
Description of service interface
CESMO Hub is supplied with three service interfaces to enable dynamic access to the CESMO application. The three interface options are:
1. Web Service
2. Java Message Service (JMS)
3. Application Programming Interface (API)
Accessibility standards
None or don’t know
Description of accessibility
The service is accessible to local and remote user requests via any of the three service interfaces.
The service interfaces provide full CESMO Hub control in line with the requirements and transactions contained with STANAG 4658. This control includes the ability to configure, initialise and update all CESMO Hub parameters.
Accessibility testing
Ll interfaces have been rigorously tested against the requirements of STANAG 4658.
What users can and can't do using the API
The service is accessible to local and remote user requests via the API.

The API service interface provides full CESMO Hub control in line with the requirements and transactions contained with STANAG 4658. This control includes the ability to configure, initialise and update all CESMO Hub parameters.
API documentation
API documentation formats
  • HTML
  • ODF
  • PDF
API sandbox or test environment
Customisation available


Independence of resources
Assessments of usage across shared resources are made prior to on-boarding of new service instances and at monthly resource assessments to avoid users being adversely affected.


Service usage metrics


Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Supplier-defined controls
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
The system includes a data export function for use by users on-demand from the HMI.
Data export formats
Data import formats

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
We provide a 99.9% level of availability under the standard SLA. Proportionate refunds for missed SLA can be provided in line with agreed customer KPIs. High levels of availability for mission critical requirements can be considered and implemented through the rate card.
Approach to resilience
This information is available on request.
Outage reporting
Email alerts

Identity and authentication

User authentication needed
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels
Management interfaces and support channels are only available to management terminals in separate logical networks.
Access restriction testing frequency
At least once a year
Management access authentication
Limited access network (for example PSN)

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
How long system logs are stored for
Between 6 months and 12 months

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
ACM Limited
ISO/IEC 27001 accreditation date
What the ISO/IEC 27001 doesn’t cover
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance approach
We follow ISO27001 and are undergoing the process of accreditation.
Information security policies and processes
We have a company-wide Information Security Management System which is mandated by our corporate Information Security Policy. A wide range of policies and procedures fall from this system, including those for protective monitoring, access control, operating procedures and vetting. Further information is available on request.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Configuration and change management is tracked using specific change management software, tied to both the cloud environment configuration and the software development lifecycle.

Changes are reviewed by the senior system architect and undergo a robust testing regime. Further information is available on request.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
We conduct full Cyber Vulnerability assessments using our CESG Certified Practitioners. This includes IS1/2 assessments of threat. Patches are deployed as often as required in accordance with the system's technical controls statements under the control of the accreditor. We get information on threats from CiSP and other private sources.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
We apply protective monitoring controls in accordance with GPG13. We identify potential compromises based on protective monitoring and regular testing of defences. We respond to compromises based on our internal set processes and customer requirements, responding to incidents immediately once they are confirmed.
Incident management type
Supplier-defined controls
Incident management approach
We have pre-defined incident management processes for common events and uncommon events. Users report incidents to the helpdesk and we provide information on incidents to users via routine email or immediate email/phone for critical incidents.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks


£3000 to £25000 per instance
Discount for educational organisations
Free trial available
Description of free trial
Limited time trial (30 days).

Service documents

Return to top ↑