DAVID HORN COMMUNICATIONS LIMITED

Ark interview management

Ark is an interview management solution for accurate functionality to receive, monitor and retain the evidence throughout its lifetime.
The client applications are attachable to our Core backend and facilitates the recording of evidence on smart phones, interview rooms and laptops.

Features

• Digital Evidence Capture and management system
• Task management for interviews and evidence capture sessions
• Secure and automatic transfer to server backend
• Configurable workflows to match existing procedures
• Standardise all meta-data for all interviews
• Access and share interviews and data
• Automated speech to text for all media captured available

Benefits

• Optimise interview and data capture processes
• Automated secure data transfer to save time and travel costs
• Conduct secure Interview Recording on-site or out in the field
• Detailed audit log of all actions from users
• Reduce paper and management costs
• Interviews available as soon as upload is verified
• No DVD or physical media needed for storage or sharing
• Automatic transcoding of video audio recordings for playable format
• Media import from other applications
• GDPR, PACE and DPA compliant

£29 a user a month

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at jeff@davidhorn.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

378859865066916

Contact

Jeff Horn
01582 490300
jeff@davidhorn.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Davidhorn Mobile, Portable recorder, Fixed recorder, Indico-Recorder
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Hybrid cloud
• Service constraints: Solution can be provided as hosted service or on premises.
• System requirements:
  • Cloud hosting: Virtual servers(Linux) or Kubernetes
  • On premises: Virtual servers(Linux) or Kubernetes
  • PC (Client): Windows 10+, 8GB ram, i5, 100GB SSD
  • Mac (Client): Monterey 12.1 or newer

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Support Call, Support Email and Support Ticket system. Within one working day.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Bronze Service Level is supplied as standard, this is a reactive service with standard business day telephone support from 9:00 am to 17:00 Monday to Friday, Excluding Bank Holidays. The support level also includes an online ticketing system, however faults raised outside of standard office hours will not be actioned until the office opens.; All calls are taken by our dedicated support team, contact details are available online.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Online training and documentation is provided to buyers. Onsite training can be ordered if required through our portal.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: A custom export connector service is included in the solution. This can be used to export all media files and meta-data content to a external storage solution.
• End-of-contract process: Normally contract ends with data extraction then secure deletion from the servers that where running the applications. If needed the data extraction could be assisted on a per hour basis.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Chrome
  • Safari
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
  • Linux or Unix
  • MacOS
  • Windows
  • Other
• Designed for use on mobile devices: No
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: In addition to the main frontend, the service has an admin web browser interface.
• Accessibility standards: None or don’t know
• Description of accessibility: The accessibility of the admin interface is limited to default web browser standards, which should include keyboard navigation, semantic HTML, focus management, text zoom, contrast and color settings, and built-in screen reader support in web browsers.
• Accessibility testing: The admin interface has not been tested with users of assistive technology.
• API: Yes
• What users can and can't do using the API: API access is licensed. All operational system features, such as uploading, accessing or downloading all content are available using the API.
• API documentation: Yes
• API documentation formats:
  • HTML
  • PDF
  • Other
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: The system is highly customizable and can be configured by the system administrator in the service interface.; All forms/templates and workflow can be configured dynamically in the administration interface of the system, subject to the necessary administrative access rights. Features can be enable or disable as per customer needs.

Scaling

• Independence of resources: A standard solution is deployed with automatic failover over multiple servers. Also dedicated infrastructure can be provided to users with high workloads.

Analytics

• Service usage metrics: Yes
• Metrics types: Realtime metrics of Active users, Tasks, Accounts, Projects/Cases, Files and API calls are available. Realtime metrics on server usage like CPU, memory, database and disk usage are monitored.
• Reporting types:
  • API access
  • Real-time dashboards
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Individual Tasks and Interview, generated transcripts and Meta-data can be downloaded as media files with a PDF attachment. If needed, bulk export can be managed by DavidHorn.
• Data export formats: Other
• Other data export formats:
  • Video: MP4, H264
  • Audio: MP4, AAC, MP3
  • Metadata: json, xml
  • Reports: PDF
  • Image: jpg
• Data import formats: Other
• Other data import formats:
  • All well-known audio, video and image formats.
  • PDF

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
• Other protection between networks: If using Davidhorn DIR the recorded files are AES 256 encrypted before being transmitted over the network.
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: 99%+ availability for viewing of stored files. SLAs exist to cover availability and refund to buyer subject to contract.
• Approach to resilience: Multiple servers are deployed with load balancing applied and all hardware has high availability.
• Outage reporting: Incident reporting is via email, with critical incidents notified by telephone.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: Specifying users with management and support channel authentication. Multiple levels of authentication are configured by the end user during the registration phase of the self service web portal.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: Cyber Essentials.
• Information security policies and processes: Information security policies and processes are as specified within the company Cyber Essentials accreditation. All Application updates and/or security updates are installed automatically as soon as they are available. An audit is checked by an IT Administrator weekly. Any Application that has not updated automatically is updated manually if this is required. We operate a formal ticketing system. Request for change/ system access is submitted to the System Administrator. All requests must then be signed off in writing by a Director before the administrator will give access to, or as is usual, make changes to a user system. A register of changes requested/completed is maintained by the Administrator.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: All requests for change are documented within the company's environment by creating a new change record. The completion of a new request for change is completed by the Change Coordinator with input from the Change Requester. A post-implementation review is conducted to ensure whether the change has achieved the desired goals. Post-implementation actions include deciding to accept, modify or back-out the change; contacting the end user to validate success; and finalizing the change documentation within the company's environment.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Regular Penetration testing and development in response to test results. Automated vulnerability scanning in build pipelines.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: The solution will be monitored by our engineers and compromises identified through the Azure Portal using Microsoft Toolsets. Any compromise will be identified and clients notified according to standard security protocol. Our engineering team will react and aim to close any new vulnerabilities as soon as they are identified.
• Incident management type: Supplier-defined controls
• Incident management approach: A help line will be operated during normal "Business Hours" where calls for support will be logged. Calls will be classified as severity 1, 2, or 3, with the required response activated. Support can be emailed. This email is monitored during normal business Hours. Emails delivered out of these hours will be actioned the next working day. For the resolution of any dispute that may arise during the operation of this service the contacts, in the event that you wish to escalate any issue will be provided.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Wellbeing

  Wellbeing

  We contributes to legal certainty by providing secure and effective solutions for investigative interview.

Pricing

• Price: £29 a user a month
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Free 60 day trial of transcription features for Ark interview management clients.

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at jeff@davidhorn.com. Tell them what format you need. It will help if you say what assistive technology you use.