CLIFF42 LTD

C42 Smart Policing

The first policing apps for rebuilding public trust. Powering policing with ethical AI, improving trust and confidence with the public, bringing more criminals to justice for positive societal impact. Increasing officer efficiency, investigator effectiveness, supervisor oversight and leadership visibility.

Features

• Document redaction
• AI Body Worn Video Analysis
• Video and audio personal sensitive information redaction
• Operational performance monitoring and analysis
• Automated People, Object, Location, Event (POLE) marking
• Operational compliance review
• Video event identification and timeline for complaints
• CPS evidence preparation
• Hotspot mapping and reporting
• Operational and strategic dashboards and reporting

Benefits

• Ability to analyse significant amounts of video data
• Highlighting incidents for supervisor review
• Time saved with automated redaction of PII
• Rapid, automated operational reporting
• Improved case file with investigation assistance
• Faster complaint resolution
• Improved culture of officer learning
• Granular community reporting, including trend data
• Geo-location linked reporting

£84 to £229 a licence

• Education pricing available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at simon.clifford@cliff42.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

517635018884230

Contact

Simon Clifford
07751345615
simon.clifford@cliff42.com

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
• Service constraints: Where customers do not take the SaaS offering, software testing will need to be undertaken to understand constraints of the infrastructure that will be used. We provide minimum specifications to alleviate issues. Outcomes of the testing could impact the level of support we are able to offer and may impact the efficiency and effectiveness of the solution. We will only support infrastructure in the SaaS solution, not that of private, community or hybrid clouds.
• System requirements:
  • APIs to DEMS
  • APIs to RMS
  • Export video data with associated metadata
  • Mobile phones capable of running geo-location apps
  • Connectivity to external web services
  • Azure ExpressRoute or AWS Direct Connect
  • Nvidia GPU servers for hybrid/community deployments

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Monday to Friday, 0800 - 1800 within 4 hours. Queries will be picked up on the next working day, excluding weekends and bank holidays, unless by prior arrangement.
• User can manage status and priority of support tickets: No
• Phone support: No
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Standard support is provided during business hours, Monday to Friday, 0800 - 1800. You will have a dedicated account manager that will have periodic account meetings and will be the single point of contact outside of the support channels. ; ; Additional bespoke support options are available, pricing will be provided during after requirements gathering and consultation.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Training and deployment will be done onsite but can be remote if preferred. The product team will demonstrate to the different user groups the functionality available to ensure they are getting the most out of the system. Comprehensive user documentation and walk-through guides will be provided.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: The premise to the service is the ability to extract and use the newly created data throughout service life. Most data in the solution will be transient, once the original data uploaded has been analysed it will be deleted, leaving only the new copy and the metadata. All data, including audit data can be packaged and bulk extracted. We will hold the data for a maximum of 90 days to allow these activities to take place.
• End-of-contract process: At the end of contract we will support the contracting authority extract all data. One full extract is included in the contract cost of any multimedia file that has been processed in the last 90 days but has not already been extracted to date. All metadata (regardless of whether it has been extracted to date) will have one final extract. Additional extractions will incur a cost, dependent on the data.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Chrome
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Certain aspects and modules are mobile specific, such as the geo-location and tasking. The main app and dashboards are available on the mobile, but depending on network certain features may be restricted to ensure consistent performance.
• Service interface: No
• User support accessibility: None or don’t know
• API: No
• Customisation available: Yes
• Description of customisation: Dashboards, lay-outs and permissions can all be customised. Much of this will be done as part of on-boarding to ensure the right people are seeing the right information based on their role.

Scaling

• Independence of resources: For resource intensive activity, the solution auto-scales to demand, ensuring SLAs are maintained. Where forecast demand is significant from one authority, we will assess whether dedicated, ring-fenced resources would be appropriate.

Analytics

• Service usage metrics: No

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Export functionality is built into the tool. It is self-service and intuitive for users to extract the data they need.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • MP4
  • WAV
  • VTT
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • MP4
  • WAV

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: 98% excluding planned downtime
• Approach to resilience: Available on request
• Outage reporting: Email alerts

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
• Access restrictions in management interfaces and support channels: Access conforms to policing controls for administration access, ensuring least privilege and the need to assume new roles for privileged access. We use the 4-eye concept, whereby admins must request new roles and this requires approval from a person a level higher.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: Security governance is aligned to the policing controls and SRM framework. In addition the solution is going through ISO27001 accreditation, with the ISMS built to ISO27001 standards.
• Information security policies and processes: All policies and processes are built on the ISO27001 standard. This has regular director oversight and contributions.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: We follow a secure by design process, whereby security is part of the change process from conception, through to design, testing and implementation. Processes and procedures align to the ISO27001 and ISO9001 standards, with the ITIL framework used to manage the lifecycle and assets.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We use tools available from our provider to ensure vulnerabilities are identified and actioned across the infrastructure. We have an independent tool to unsure our whole stack is monitored and we are alerted when action is needed or updates are available.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We use native services and an independent service to monitor the estate. This includes both external and internal suspicious activity and behaviour. Any alert that meets a threshold is investigated and where required either action is taken by us, or the customer is alerted with the relevant information to take action upon.
• Incident management type: Supplier-defined controls
• Incident management approach: Incident management follows an ITIL and ISO27001 aligned process. Users can raise incidents to us via email or via their account manager. Monthly incident reports are created and shared with customers, where necessary sensitive information is removed. Detailed incident management process information is available on request.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Tackling economic inequality
  • Equal opportunity

  Tackling economic inequality

  Cliff42 is itself a start-up, founded by two entrepreneurs, who fully appreciate the government’s desire for opportunity creation. We are a technology company and know all too well the skills shortage we have and the impacts that brings. From our years of delivery we know there is a huge range of technology roles that are perfectly suited to diverse candidates, regardless of socio-economic factors.; ; Whilst we cannot offer the breadth of opportunities a large consultancy can offer, as a SME we will still support of the delivery of Social Value. Being a start-up means that we are on a growth path, part of which will be the creation of new roles and opportunities. Given we work in technology and across the UK, most roles will not have a need for workers to be based in a specific location, therefore allowing us to open up opportunities to those in deprived areas. ; ; A key strategy for our growth is the on-boarding of apprentices to learn valuable cloud and technology delivery skills. This will help people train in valuable technology skills, of which there is a significant gap in the UK. We will also endeavour to ensure our supply chain has the same values as us, pushing social responsibility and ensuring they are doing their part.

  Equal opportunity

  Both founders are committed to equal opportunities, having both been school governors we are passionate about ensuring the breadth of our society can be represented. As we grow, we will be seeking to give employment opportunities to candidates with disabilities that impact their ability to easily find appropriate employment. This may be in the form of neurodiversity, physical disability, or hidden disabilities. We will ensure that we structure any opportunity around the individual, giving them the ability to excel and use their skills effectively whilst also developing their skills in the workplace.; ; As a start-up SME, we also have the fortunate position of ensuring equality throughout our workforce, with a transparent and simple pay scale structure, rewarding people based on company wide performance.

Pricing

• Price: £84 to £229 a licence
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at simon.clifford@cliff42.com. Tell them what format you need. It will help if you say what assistive technology you use.