Skip to main content

Help us improve the Digital Marketplace - send your feedback

  1. Digital Marketplace
  2. Lot 2: Cloud software
  3. Altia Covert Operations Solution (ACOS) Prison Surveillance (OPT) (PAS) (NOMS)

Altia Covert Operations Solution (ACOS) Prison Surveillance (OPT) (PAS) (NOMS)

ACOS offers a solution for capturing intelligence within the prison system. Using national forms for authorities, review, renewal and cancellation functions ensure legislative compliance in the intelligence gathering field. RIPA, IPA, GDPR, CCA, HRA compliant. Risk assessment tools identify potential for compromise. Covert capability links with other ACOS modules


  • Compliant with RIPA, IPA, CCA, GDPR, HRA, Prison Act
  • Developed with LEA professionals using OPT forms
  • Supports legal compliance with legislation and processes
  • Automated Email notification system to prompt required staff activity
  • Full Record and Document Search-ability, Query function and Reporting provision
  • Can be linked to Prison Teams
  • Comprehensively Audited, with Access Controls and Security Controls
  • Automated Workflow ensures appropriate sign off risk management diligence
  • Highly configurable, module-based system with management dashboard oversight.
  • Highly secure system incorporating comprehensive auditing.


  • Easy to Use - reflects operation of other ACOS modules
  • Performance indicators provide quick and easy assessment of benefits.
  • Ensure the safety of those at risk in operations.
  • Ensure legislation is complied with and compliance is evidenced.
  • CPIA and LED compliant
  • Fully searchable - retrieves content from electronic and typed document
  • Secure and protected intelligence gathering
  • Effectively analyse data, establish key facts and share as appropriate.
  • Can be easily tailored and scaled depending on organisational needs.
  • Trust that deeply sensitive data is safe.


£1,509 a user a month

  • Education pricing available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 13

Service ID

4 0 5 1 8 8 5 3 2 3 9 0 5 8 3


Telephone: 0330 808 8600

Service scope

Software add-on or extension
Cloud deployment model
  • Public cloud
  • Private cloud
  • Hybrid cloud
Service constraints
The software is offered as a cloud solution and there are no constraints for customers.
System requirements
  • End-User accesses via an Internet Browser
  • Security controls enabled to permit access to the cloud service

User support

Email or online ticketing support
Email or online ticketing
Support response times
An automated email is sent following the submission of a case where the user is provided with a unique case number. The case is then triaged and reviewed. Based on the priority of the call (SLA is attached), follow-up communication will then take place between 8.30 to 5.30 (UK time), Monday to Friday. Cases raised during the weekend will be responded to on the Monday - there is an out of hours support offering, in which case a response will be provided over the weekend.
User can manage status and priority of support tickets
Online ticketing support accessibility
WCAG 2.1 AA or EN 301 549
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Web chat
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
WCAG 2.1 AA or EN 301 549
Web chat accessibility testing
None to date
Onsite support
Yes, at extra cost
Support levels
Urgent (Severity 1): Interruption making a critical functionality inaccessible or a complete network interruption causing a severe impact on services availability in a production environment. There is no possible alternative. This is what you will expect from Alta.
First Response (FRT) Time: 30 Minutes.
Resolve within 4 hours.
Periodic Updates every 30 Minutes.
Pausable Update: Not Applicable.
High (Severity 2): Critical functionality or network access interrupted, degraded or unusable, having a severe impact on services availability. No acceptable alternative is possible.
FRT Time: 60 Minutes.
Resolve within two Business Days.
Periodic Updates every 4-hours.
Pausable Update: Not Applicable.
Normal (Severity 3): Non-critical function or procedure, unusable or hard to use having an operational impact, but with no direct impact on services availability. A workaround is available.
FRT Time: 90 Minutes
Resolved within the Next Major Release
Periodic Update: Not Applicable
Pausable Update, potentially within two days.

Low (Severity 4): Application or personal procedure unusable, where a workaround is available, or a repair is possible; considered “feedback”.
FRT Time: One business day
Resolved within consideration for Future release
Periodic Update: Not Applicable
Pausable Update: Not Applicable

Full details as part of the contract
Support available to third parties

Onboarding and offboarding

Getting started
Altia has a dedicated training team that covers all products. The team also includes former law enforcement professionals who have worked in this challenging area of Law Enforcement. Training can be provided either on the customer site or at our dedicated training centre in Nottingham.

Full user guides are also available to assist users. These are available across the entire system. Additionally ACOS has 'help' buttons throughout which allow users to look for guidance and advice as they work through the system.

Our Business Consultants also conduct process workshops to ensure the application is tailored to the organisation’s needs.

At the point of go-live, Altia provides dedicated support to ensure the process is completed smoothly and that any issue raised is quickly dealt with. This can be provided on-site, remotely or a hybrid of both as required by the customer.

Following go-live, Altia regularly holds ACOS User Groups where the customer can send representatives to network with colleagues as well as suggesting and agreeing product enhancements which are invariably incorporated within a future product release as part of the standard licence and support package - at no additional cost.
Service documentation
Documentation formats
  • PDF
  • Other
Other documentation formats
End-of-contract data extraction
Naturally we would work hard with our customer in the hope that they would not seek to leave. However it is understood that requirements change and Altia will agree an exit strategy at the beginning of the contract, to provide our customers with reassurance regarding how any exit, for any reason would be managed.

The exit strategy will contain the steps and activities to be taken that will lead to the cessation of service delivery to the customer. This will ensure the safe delivery of customer data, aligned to any specific customer requirements. The exit strategy documents the transfer and / or deletion of any data, the format in which it will be available for return to the Customer.

Altia has a standard output format and transfer method and will deliver the data in an agreed flat file format on an encrypted Hard Drive which is usually provided and collected by the customer.
End-of-contract process
Unless there are additional requirements that the customer has identified which will form part of the exit strategy at the initial contract phase, there would not usually be any additional costs for providing the data in the agreed flat file format.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Chrome
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
There are no differences
Service interface
User support accessibility
WCAG 2.1 AA or EN 301 549
Description of service interface
ACOS is a cloud based web application that can be accessed through a number of different gateways depending on the level of security required by the organisation. The application uses a responsive web design to assist users interface with the system on a variety of devices and screen sizes via modern internet browsers.
Accessibility standards
WCAG 2.1 AA or EN 301 549
Accessibility testing
None to date
What users can and can't do using the API
ACOS is a browser-based application which allows users to interface with the system through an intuitive and simple API.
When navigating to the system a user is presented with an area to enter their log-on credentials and their access to the system is verified or, where the user credentials are incorrect, rejected. Using the API users are able to carry out all functions including data entry, saving, reporting and searching.
ACOS provides role-based access which is defined in the system toolkit, the toolkit is also accessible to authorised users via the API.
Users can only access parts of the system and data which their role entitles them to see, changes can be made and saved through the API.
The initial set up of ACOS is conducted through accessing the system toolkit via the API, the administrator is able to configure the system and create users as required. There are also additional API’s to assist with bulk loading and maintaining users as well as interfaces to Gazetteers
API documentation
API documentation formats
  • PDF
  • Other
API sandbox or test environment
Customisation available
Description of customisation
ACOS is a highly configurable and customisable application allowing authorised users the hide, disable, make mandatory and rename fields as well as tailor workflows to meet business needs. Each screen in the different process states can be configured independently allowing for total customisation. This is normally done by a business administrator.
Authorised users can also add new fields as required e.g. dates, text, list of values etc. These fields are automatically added to the main search facility.


Independence of resources
Due to the nature of the Altia Covert Operations Solution (ACOS) each customer will have their own tenant, therefore reducing this as a likelihood.

Additionally, during the on-boarding process, Altia will size the infrastructure based on the anticipated number of concurrent users with future growth in mind. As part of regular service reviews, this infrastructure may be expanded based on the fact that additional resources can be quickly assigned e.g vCPU, RAM and disk space.


Service usage metrics
Metrics types
We provide summaries of any support cases logged by the customer (no of calls, volumes, categories)
CUstomers can access their own cases, status and resolution dates via their own service support portal log on.
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Other
Other data at rest protection approach
The Database is secured with Oracle Advanced Security via Transparent Tablespace Encryption
Data sanitisation process
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Altia Covert Operations Solution (ACOS) provides the ability to export data from the system in a number of different formats using inbuilt system tools including the Report Writer. There are also specific xml exports for intelligence logs designed to transfer data to other systems.
Data export formats
  • CSV
  • Other
Other data export formats
  • PDF
  • XML
Data import formats
  • CSV
  • Other
Other data import formats
  • Any media can be imported and stored in ACOS
  • Any document type can be imported, stored, searched and retrieved
  • Any media type can be imported,stored, searched on and retrieved

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
The level of availability will be 99.99% depending on the Service Level chosen (Excluding planned service outages / updates)
Approach to resilience
The premises used by Altia for the management of its services are distinctly separate and at a distance from each of the respective data centre premises. All data centres are UK- domiciled. Should high availability be required, then we can offer this across different sites as agreed.
Outage reporting
All outages will be reported and identified as planned maintenance, Emergency maintenance, and platform issues. In addition, will proactively contact customers as appropriate.

Identity and authentication

User authentication needed
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels
Customers have the option to raise a support request via telephone, email or our support portal. We will always authenticate the identity of the user by validating the information within our customer portal.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
Lloyds Register
ISO/IEC 27001 accreditation date
What the ISO/IEC 27001 doesn’t cover
14.2.7 Outsourced development
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Cyber essentials
Cyber essentials plus
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards
Cyber Essential Plus
Information security policies and processes
Altia has a number of inter-connected governance frameworks in place which control both how the Company operates and the manner in which it delivers it’s services to its customers. These have been independently assessed and certified against, ISO27001 by LRQA, a UKAS accredited audit body. The Company is governed by an integrated suite of information security policies. Under the top level Information Security Policy itself are second-level documents with specific focus on Acceptable Use, Asset Management, Business Continuity Management, Data Protection, Password Management, and many others.

Altia also holds Cyber Essentials Plus

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
Altia has documented configuration and change management policies and processes, which have been implemented, maintained and assessed in accordance with the guidance from our ISO9001 and ISO27001 standard. Formal configuration management activities, including record management and asset reporting, are monitored and validated constantly, and any identified discrepancies promptly escalated for investigation.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Altia has a documented vulnerability management policy and process, which have been implemented, maintained and assessed in accordance with the guidance from our current ISO27001 standards. Where technically possible, real-time updates and status reports are identified and sourced from credible vendor sources.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Altia follows best practices for its coding, application servers and databases. The Cloud Service Provider follows the best practice from the National Cyber Security Centre, The Cloud Service Provider protects it's platforms with 24x7 enhanced protective monitoring services, vulnerability scanning and assessment. Their approach to protective monitoring at minimum meets the Protective Monitoring Controls outlined in NCSC document GPG13. It includes checks against systems events (SIEM) and network traffic analysis, including time sources, cross-boundary traffic, suspicious activities at a boundary, network connections and status of backups. Any alerts generated are logged and investigated 24x7.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Altia has a documented incident management policy and process, which have been implemented, maintained and assessed in accordance with the guidance from the current ISO27001 standard. This activity is responsible for the progression of issues identified by Altia personnel, and incidents identified and reported to Altia by its customers and partners. All incidents are promptly reported into a central ticketing system, which ensures that each is promptly assigned to an appropriate resource, and its progress tracked (and escalated, as required) to resolution.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks

Social Value

Fighting climate change

Fighting climate change

We are working with Positive Planet on Carbon Footprint Measurement and Reduction Planning, produce PPN 06/21 compliant Carbon Reduction Plan and become Certified Carbon Neutral. Current initiatives already in place include global reduction in travelling by utilising online platforms for team, customer meetings as well as customer training. Company car scheme renewals to be hybrid/electric vehicles, recycling schemes and green energy provider.
Covid-19 recovery

Covid-19 recovery

We continue to support remote/hybrid working across our group and throughout the pandemic have offered working from home check-in’s to support the mental health of our employees. Our Covid-19 Risk Assessment incorporated being able to offer social distancing, remote working and sustainable travel solutions as well as offering cloud solutions to our customers.
Tackling economic inequality

Tackling economic inequality

We are a pledge partner for Fortem Australia which supports first responders who are looking to transition into private sector roles. Our growth plans will enable further recruitment of graduates from local universities as well as opportunities for work experience candidates from all backgrounds.

ISO27001 Cyber Essentials and Cyber Essentials Plus accreditation ensuring management of cyber security risks in the delivery of our services.
Equal opportunity

Equal opportunity

Altia prides itself on being an equal opportunity employer of choice, with members being of all ages, gender, sexual orientation and embrace choice and freedom of expression. Altia nurture wellbeing not only of its staff, but also its customer's and do not discriminate against forms of intellectual, mental or physical disability. We report monthly into the Board our Gender & D&I stats. As part of our recruitment cycle, we request anonymised CV’s.


We have signed the “Charter for Employers Positive about Mental Health” and are committed to creating a positive, supportive and open culture. We have mental health first aiders across our business and we continue to reinforce mental health first aid training for our people managers. We offer a comprehensive EAP which allows employees access to a wealth of support and resources including Wellbeing Checks, Counselling, health & wellbeing advice as well as financial advice. Through our private health insurance policy, we can offer mental health support and a digital GP service.

We offer an enhanced annual leave package, remote and hybrid working and sickness benefits to release the financial pressure of long-term absence. Our culture supports continuous wellbeing conversations and feedback via our performance process with employees and their line managers. We offer company social events throughout year which help with our employee engagement and morale.


£1,509 a user a month
Discount for educational organisations
Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.