ALTIA SOLUTIONS LIMITED

Altia Verinote

Altia Verinote eradicates individual and organisational reputational harm created by pocketbooks, diaries, journals, and decision-logs. Elevates e-notebooks and digital policing to a new level. Voice to text, field intelligence, evidence collection, desktop platform, global searching, API ready. Supporting DEMS, Digital Evidence Management System that presents structured digital data for teams.

Features

• Multi-lingual Notetaking (including offline); rich media, photos, files, and e-signatures.
• Encrypted Voice Recording with Automated Conversation Transcription.
• Draw-to-Text (iPad Only) and Scene Sketch for a complete picture.
• Write your statement on the go; Upload to ACOS; Covert
• Meta-Tagging, authenticity certificates, and integrity statements for court ready production.
• Realtime information classification, protection, redaction, and disclosure, where required.
• Your records, all your devices (iOS, Android, Browser, Windows, MacOS).
• Live monitor Incidents and annotate decisions as they are made.
• Full Discovery to ensure all your data becomes intelligence holdings.
• RBAC, real-time threat monitoring and Independently Security Assessed (globally accepted).

Benefits

• Eradicate risk of theft, loss, or destruction of mission-critical information
• Enhance frontline intelligence capability, officer safety and decrease overall risk
• Automates repeatable processes, reduces mistakes, and ensures consistency. Accuracy always.
• Solve cases faster, in the field, not in the office.
• Integrate with legacy systems to modernise service delivery immediately.
• Ensure accountability, transparency, and cement public trust, protecting officer reputation.
• One application interface, a reduction of operational forms and dependencies.
• Reduce effort and cost responding to court or FOI requests.
• Future-proof your agency as the platform moves with your ecosystem.
• Protect your reputation. Protect the public. Protect your information.

£50 to £400 a user a year

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenders@altiaintel.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

337679468553318

Contact

Mandy Thomas
+44 (0) 330 808 8600
tenders@altiaintel.com

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Hybrid cloud
• Service constraints: No
• System requirements:
  • Web Browser or Native Windows / MacOS Desktop Application.
  • IOS or Android Based Operating Systems for Mobile Devices

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: An automated email is sent following the submission of a case where the user is provided with a unique case number. The case is then triaged and reviewed.Based on the priority of the call (SLA is available), follow-up communication will then take place between 8.30 to 5.30 (UK time), Monday to Friday. Cases raised during the weekend will be responded to on the Monday - there is an out of hours support offering, in which case a response will be provided over the weekend.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
• Web chat accessibility testing: None to date
• Onsite support: Yes, at extra cost
• Support levels: Urgent (Severity 1): Interruption making a critical functionality inaccessible or a complete network interruption causing a severe impact on services availability in a production environment. There is no possible alternative. This is what you will expect from Alta. First Response (FRT) Time: 30 Minutes. Resolve within 4hours. Periodic Updates every 30 Minutes. Pausable Update: Not Applicable.High (Severity 2): Critical functionality or network access interrupted,degraded or unusable, having a severe impact on services availability. No acceptable alternative is possible. FRT Time: 60 Minutes. Resolve within two Business Days. Periodic Updates every 4-hours. Pausable Update: NotApplicable. Normal (Severity 3): Non-critical function or procedure, unusable or hard to use having an operational impact, but with no direct impact on services availability. A workaround is available. FRT Time: 90 Minutes Resolved within the Next Major Release Periodic Update: Not Applicable Pausable Update,potentially within two days. Low (Severity 4): Application or personal procedure unusable, where a workaround is available, or a repair is possible; considered“feedback”. FRT Time: One business day Resolved within consideration for Future release Periodic Update: Not Applicable Pausable Update: NotApplicable Full details as part of the contract
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: After a first (included) onboarding session of 'Super Users', product User Guide and Videos are available to customers (updated after each release). In application support is available through tutorials, 'getting started' or 'topic specific' videos and explainders. Live chat is also avaiable within the application itself. ; ; Release Notes explaining changes, hot-fixes, patches, and functionality published for each product update. Training can be supplied on-site at our Nottingham office, on-site at customer location, or virtually over Microsoft Teams or a like service. Altia's support helpdesk is always willing to supply advice to end-users about specific issues they may have in using the product and technical advice can be provided by senior software engineers, or if needed Cloud Solution Architects for more serious Platform-as-a-Service or Infrastructure-as-a-Service matters.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Naturally we would work hard with our customer in the hope that they would not seek to leave. However it is understood that requirements change and Altia will agree an exit strategy at the beginning of the contract, to provide our customers with reassurance regarding how any exit, for any reason would be managed. The exit strategy will contain the steps and activities to be taken that will lead to the cessation of service delivery to the customer. This will ensure the safe delivery of customer data, aligned to any specific customer requirements. The exit strategy documents the transfer and / or deletion of any data, the format in which it will be available for return to the Customer. Altia has a standard outputformat and transfer method and will deliver the data in an agreed flat file format on an encrypted Hard Drive which is usually provided and collected by the customer.
• End-of-contract process: Within 30 days or an agreed period following contract termination, Altia will provide any of the Customer's data held, in database dump format together with associated documentary attachments to an agreed secure location. At this point the Customer's data is deleted from the cloud platform and all / any Altia group systems. As an alternative, if necessary, it may be possible to agree a "read only" access to the system data on payment of all 3rd party hosting costs and associated service management costs incurred by Altia in maintaining access to the "read only" system.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
  • Linux or Unix
  • MacOS
  • Windows
  • Windows Phone
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Native iOS and Android applications are available for both mobile phone and tablet devices. Mobile applications (for security reasons) do not store any user data and is simply a window into the application's database, protecting the sensitive agency information, but also reducing the risk of mobile devices being called as evidence in court proceedings.; ; By default, mobile access is restricted its 'own-user's' information, read, and write permissions their own data only, rather than agency-wide to prevent inadvertent data leakage, loss, or compromise. This can however be configured to meet a specific agency need, if explicitly requested and authroised.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: Verinote has a self-service administrative console for agencies to distribute Role Based Access Control, restrict/revoke access and/or access support material. Within the self-service administrative console, users can generate support tickets and/or engage with support personnel right from within the application - to ensure aid is always available, especially during mission critical moments. ; ; Self Service Log Analytics and Integrity reporting is also available through the Service Portal to ensure agencies have complete control of their integrity and ethical standards and benchmarks.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: Altia rely on the industry standard Zendesk in application chat facility which is globally accepted and widely used for support and general inquiries within Verinote.
• API: Yes
• What users can and can't do using the API: Verinote offers an Open API of structured data for consumption by platforms, to compliment records management and analytics systems. Pair Verinote with Microsoft, Modis Söze, and other Altia ACOS for rich field intelligence and evidence collocation, deep data analytics, secure case management and seamless user provisioning. Altia currently partners with Microsoft, Modis, Daltrey and integrates with their respective products to offer an ecosystem approach to solution delivery. More information can be found through those vendors. Other popular integrations include working relationships include NicheRMS and Fujitsu Technologies.; ; Altia’s API is constructed to allow existing platforms and solutions to securely consume structured, meaningful, and authentic intelligence & evidence gathered in the field. ; ; All Verinote Open API endpoints are created by Altia to ensure the integrity and security of the information and cannot be performed by the customer alone.
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Verinote allows for custom branding, forms, fields, and reporting outputs. This means, Verinote can be used to replace the manual processes, workflows, forms, documents, and legacy reporting practices in effect today.; ; Verinote also offers discreet service delivery for operational units working within Covert Intelligence and Law Enforcement Functions. These features and functions are not publicised, and prospective customers are encouraged to speak with a product specialist for further information.; ; All customisation is performed by Altia to ensure the integrity and security of the application and cannot be performed by the customer agency or end-user for this reason.

Scaling

• Independence of resources: Verinote relies on auto-scaling of resources and have undertaken significant soak, load, and performance testing by independent experts to ensure 99% availability across 43,000 users at peak demand.

Analytics

• Service usage metrics: Yes
• Metrics types: Altia report on Service Level Agreements on a weekly basis on availability and uptime. Also, administrators receive automated regular reports on irregularities within the system (including heightened privilege assignment) and more detailed performance, metrics, data volume and record totals can be made available on request to Altia.
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Other
• Other data at rest protection approach: Data is encrypted in transit and at rest by Microsoft Azure using Azure App Service/s using military grade encryption.
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Verinote allows end-users and agency representatives to prepare comprehensive disclosure packages including redacted and un-redacted document exports to ensure full disclosure, while protecting protected information or material not in the public interest for disclosure. Automatic redaction saves the expense involved in finding and retrieving documents, followed by hours of manual redaction performed by legal staff.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • CSV
  • .DOCX
• Data import formats: Other
• Other data import formats:
  • Upload of information through the Verinote mobile user interface
  • Upload of information through the Verinote web user interface
  • Upload of information through the Verinote Native Desktop user interface

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: Altia will take commercially reasonable efforts to avoid Unavailable Time for Altia Services and aspire to 99.9% availability of Altia Services in each calendar year. This aspirational availability does not include Scheduled Maintenance, or any Unavailable Time caused by Customer Systems and Hardware or Third-Party Service Provider(s).
• Approach to resilience: Altia rely on Microsoft Azure who say: "Resiliency is not about avoiding failures but responding to failures. The aim is to respond to failure in a way that avoids downtime and data loss. Business continuity and data protection are critical issues for today’s organisations, and business continuity is built on the foundation of resilient systems, applications, and data. Reliability and resiliency are closely related. Reliability is defined as dependability and performing consistently well. Resiliency is defined as the ability to recover quickly. Together, these two qualities are key to a trustworthy cloud service. Despite best efforts, disasters happen; they are inevitable but mostly unpredictable, and vary in type and magnitude. There is almost never a single root cause of a major issue. Instead, there are several contributing factors, which is the reason an issue is able to circumvent various layers of mitigations/defences.; There is no way to always prevent bad things from happening. All we can do is add layers and minimise gaps. "
• Outage reporting: All pre-planned outages will be reported and identified as planned maintenance, emergency maintenance, or platform issues. In addition, Altia proactively contact customers as proper if unforeseen outrage occur through automatically generated emails, SMS and/or phone call messages.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: Customers have the option to raise a support request via telephone, email or our support portal. We will always authenticate the identity of the user by validating the information within our customer portal.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
  • Other
• Description of management access authentication: Users must first be authenticated on the Altia network (by direct connection or by VPN connection to the network).; ; Access to the cloud platform then requires a further logon username and password to access the management portal or VM.

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: You control when users can access audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Lloyds Register Group Limited
• ISO/IEC 27001 accreditation date: 23/12/2005 (re-accreditation 01/10/2021)
• What the ISO/IEC 27001 doesn’t cover: 14.2.7 Outsourced development
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • Cyber Essentials
  • Cyber Essentials Plus
  • InfoSec Registered Assessors Program (IRAP) Certification to PROTECTED

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: InfoSec Registered Assessors Program (IRAP) Assessment certification to PROTECTED, FEDRamp assertation and UKO Assertation.
• Information security policies and processes: Altia has a number of inter-connected governance frameworks in place which control both how the Company operates and the manner in which it delivers its services to its customers. Altia is registered to ISO27001 by LRQA, a UKAS accredited audit body, and best practice is circulated and adopted across the group. The Company is governed by an integrated suite of information security policies. Under the top level Information Security Policy itself are second-level documents with specific focus on Acceptable Use, Asset Management, Business Continuity Management, Data Protection, Password Management, and many others.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Altia has documented configuration and change management policies and processes, which have been implemented, maintained and assessed in accordance with the guidance from our ISO27001 standard and which is programmatically enforced by industry standard tools including Azure DevOps. Formal configuration management activities, including record management and asset reporting, are monitored and validated constantly, and any identified discrepancies promptly escalated for investigation. All changes will be subject to the Altia processes covering technical testing, quality assurance and user testing including review for potential security related threats prior to release.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Altia has a documented vulnerability management policy and process,which have been implemented, maintained and assessed in accordance with the guidance from our current ISO27001 standards. Where technically possible, real-time updates and status reports are identified and sourced from credible vendor sources.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Altia follows best practices for its coding, application servers and databases. The Cloud Service Provider follows the best practice from the National Cyber Security Centre, The Cloud Service Provider protects it's platforms with 24x7 enhanced protective monitoring services, vulnerability scanning and assessment. Their approach to protective monitoring at minimum meets the Protective Monitoring Controls outlined in NCSC document GPG13. It includes checks against systems events (SIEM) and network traffic analysis, including time sources, cross-boundary traffic, suspicious activities at a boundary, network connections and status of backups. Any alerts generated are logged and investigated 24x7.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Altia has a documented incident management policy and process, which have been implemented, maintained and assessed in accordance with the guidance from the current ISO27001 standard. This activity is responsible for the progression of issues identified by Altia personnel, and incidents identified and reported to Altia by its customers and partners. Al lincidents are promptly reported into a central ticketing system, which ensures that each is promptly assigned to an appropriate resource, and its progress tracked (and escalated, as required) to resolution.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  We are working with Positive Planet on Carbon Footprint Measurement and Reduction Planning, produce PPN 06/21 compliant Carbon Reduction Plan and become Certified Carbon Neutral. Current initiatives already in place include global reduction in travelling by utilising online platforms for team, customer meetings as well as customer training. Company car scheme renewals to be hybrid/electric vehicles, recycling schemes and green energy provider.
• Covid-19 recovery:

  Covid-19 recovery

  We continue to support remote/hybrid working across our group and throughout the pandemic have offered working from home check-in’s to support the mental health of our employees. Our Covid-19 Risk Assessment incorporated being able to offer social distancing, remote working and sustainable travel solutions as well as offering cloud solutions to our customers.
• Tackling economic inequality:

  Tackling economic inequality

  We are a pledge partner for Fortem Australia which supports first responders who are looking to transition into private sector roles. Our growth plans will enable further recruitment of graduates from local universities as well as opportunities for work experience candidates from all backgrounds. ISO27001 Cyber Essentials and Cyber Essentials Plus accreditation ensuring management of cyber security risks in the delivery of our services.
• Equal opportunity:

  Equal opportunity

  Altia prides itself on being an equal opportunity employer of choice, with members being of all ages, gender, sexual orientation and embrace choice and freedom of expression. Altia nurture wellbeing not only of its staff, but also its customer's and do not discriminate against forms of intellectual, mental or physical disability.; We report monthly into the Board our Gender & D&I stats. As part of our recruitment cycle, we request anonymised CV’s.
• Wellbeing:

  Wellbeing

  We have signed the “Charter for Employers Positive about Mental Health” and are committed to creating a positive, supportive and open culture. We have mental health first aiders across our business and we continue to reinforce mental health first aid training for our people managers. We offer a comprehensive EAP which allows employees access to a wealth of support and resources including Wellbeing Checks, Counselling, health & wellbeing advice as well as financial advice. Through our private health insurance policy, we can offer mental health support and a digital GP service. We offer an enhanced annual leave package, remote and hybrid working and sickness benefits to release the financial pressure of long-term absence. Our culture supports continuous wellbeing conversations and feedback via our performance process with employees and their line managers. We offer company social events throughout year which help with our employee engagement and morale.

Pricing

• Price: £50 to £400 a user a year
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Time bound access to the full Verinote system can be provided (and is encouraged to ensure the solution is fit for purpose).
• Link to free trial: Trial versions are available through direct contact with Altia only.

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenders@altiaintel.com. Tell them what format you need. It will help if you say what assistive technology you use.