Excession Technologies Limited

Excession Advantage

Excession’s Advantage Platform enables users to share situational awareness while still retaining ownership and control of their sensitive data.

The platform does this by providing trusted, user-controlled connections between fixed, mobile and edge devices, across organisational boundaries and domains, for only as long as required by the task.

Features

• Real-time multi-domain awareness and understanding for mobile and command users.
• Real-time global asset tracking of sensors across multiple operations.
• Command and control via voice, messaging, audio and map annotations.
• Live video streaming, real-time sharing and editing of content.
• Dynamic interoperability for seamless inter-agency collaboration and operational data sharing.
• Immutable operational log-keeping to ensure integrity of recorded data.
• Automated pattern of life analysis of commercial or proprietary data.
• Multiple sensor integrations (including cameras and beacons for real-time alerting).
• Geofencing for alerts, command and control and coordination.
• Data doesn’t persist on devices and clients retain full ownership.

Benefits

• Nationally recommended platform for C2, domain and situational awareness.
• Advanced analytics tools support faster and more effective decision making.
• Automation and secure unified view of reality reduces cognitive load.
• Manage multiple complex operations seamlessly and simply, with fewer resources.
• Improve collaboration and interoperability between organisations to secure prosecutions.
• Increased volume of data captured and evidenced during live operations.
• Lower technology costs by reducing number of bespoke standalone solutions.
• Dynamic interoperability improves partner efficiency and effectiveness across discrete operations.
• Increase operator and public safety through comprehensive real-time understanding.
• Enjoy the same functionality whether a mobile or headquarters user.

£19,950 a unit a month

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at shelly.mccafferty@excession.co. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

586097888534059

Contact

Shelly McCafferty
07508 735170
shelly.mccafferty@excession.co

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: There are no constraints, over and above the 'system requirements' listed in subsequent section and the fact that Excession is unable to support certain specific legacy third-party browsers.
• System requirements:
  • Kubernetes 1.21 or newer
  • PostgreSQL 13.3 or newer
  • Kafka 2.6.0
  • Open Distro for Elasticsearch 7.10
  • S3 API compatible object store
  • Kubernetes ReadWriteMany (RWX) persistent volume
  • Kubernetes storage class for dynamic PVC storage provisioning
  • DNS zone for use exclusively by Excession Awareness Platform
  • PEM-encoded X.509 certificates

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Within agreed hours, there will be an immediate initial response to service request telephone calls, from a dedicated service team. Emails will be replied to and ticketed within 2 hours. Resolution will be targeted within 24 hours (feedback at 8-hourly intervals). During out-of-hours periods, there will always be an Excession point of contact able to initiate a response to priority incidents (within 4 hours: P1 - Urgent only) and if necessary, to stand-up a team to activate a 24/7/365 response including triggering of Business Continuity Plans. This out-of- hours service will be provided by our UK-based, security cleared service team.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Excession provides in house, security cleared, customer support personnel during UK business hours Monday to Friday 9am-5pm, as standard. Additional support hours can be priced based on the required service levels and agreement with individual clients.; ; As well as providing a dedicated Customer Success Manager to ensure you achieve your organisational outcomes, you will also have 24/7 access to a learning management system (LMS) portal and a self service knowledge base to ensure most learning and support queries can be answered or solved by the client themselves.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: Excession provides an implementation plan, in partnership with our clients, which provides a plan for getting the system up and running and into the user's hands as quickly as possible. The plan will cover training options for in person or remote learning, together with a 24/7 learning management system (online learning courses).
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: All files uploaded and captured by the customer can be downloaded via the user interface. If this is a large amount of data, we can, via agreement, organise another data transfer medium.; ; Excession is committed to supporting and ensuring a smooth transition of those items necessary to support availability of services back to the Authority and/or a Replacement Supplier should it become necessary.
• End-of-contract process: We will provide a draft Exit Plan and will agree an updated version within 90 days of the Commencement Date of our Services. At the same time we will nominate an ‘Exit Manager’ – a senior individual with authority to commit to the company, who has delivery and implementation experience. This person would have responsibility for providing ‘Termination Assistance’, managing the ‘Exit Programme’ as agreed between parties.; ; As part of the end of contract plan (Exit Plan), we will discuss and agree the return, migration and/or destruction of Authority data and would be the most critical activity in smoothly transferring provision of DAP Services from Excession to another SaaS provider and platform, or to a non-SaaS delivery method. It covers:; ; - Ring-fencing the in-scope data and data types for transfer; - Agreement of data transfer medium (e.g. Hard Drive, AWS, Azure Snowball).; - Data migration including Authority data acceptance and approval.; - Data deletion/destruction as required and mutual return of confidential information.; - Additional hardware, software or data transfer costs may be occurred but will be agreed between both parties.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The capability is designed to be equally capable on both mobile and fixed devices / desktop services whether in the centre or at the edge with deployed users.
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: MANAGEMENT Interface - Enables all platform-generated content and imported data to be accessed and managed (based on role-based user permissions).; ; COMMAND Interface - Designed for headquarters / ops room staff to command, control and coordinate multiple operations concurrently and to manage dynamic interoperability between operations and organisations.; ; MOBILE Interface - Excession's domain awareness platform has been designed to deliver the same functionality on mobile devices outside of a command setting, without loss of situation awareness or contextual understanding of the environment. ; ; With all three interface applications, simplicity and intuitive features are key to their utility and ease of use.
• Accessibility standards: None or don’t know
• Description of accessibility: Fine-grained permissions and access controls will determine what can and cannot be done by individual users. Forward-deployed operators / officers may need fewer tools and features on their devices than a high-level administrative user at the headquarters level.
• Accessibility testing: None to this point.
• API: Yes
• What users can and can't do using the API: We offer (currently) a public facing API which enables the tracking of sensor 'pings' from tracking devices. ; ; Note: We intend to provide more functionality as required by customers in the future.
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: The UI has been designed so that individual users can configure their views depending on their needs and role during installation.

Scaling

• Independence of resources: While an absolute guarantee can only be as reliable as the underlying infrastructure (in this case the cloud provider our software is deployed upon), our platform intelligently autoscales based on the demands placed upon it. Additionally, our unique interoperability capabilities allow customers to run an environment with guaranteed compute resources allocated to them, while collaborating with other customers as if in the same environment.

Analytics

• Service usage metrics: Yes
• Metrics types: Real-time dashboards (Grafana presentation of Prometheus metrics) and regular reports (Fluentd logging and user activity dashboard in the product).
• Reporting types: Regular reports

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest: Physical access control, complying with CSA CCM v3.0
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: All data held within the DAP Services system is owned by the Authority. ; Excession will facilitate access to any data required by any representative of an Authority with appropriate authorisation: ; ; 1: Excession will not limit what data can be accessed through ODIs other than rate-limiting of interfaces to prevent Distributed Denial of Service. ; ; 2: The system allows full data export from an operation for operational, disclosure or other evidential purposes. ; ; Note: Should an ‘authorised user’ require access to data other than through the normal user-interface, Excession will provide a Concierge service to assist in identifying the correct data.
• Data export formats: Other
• Other data export formats:
  • PDF
  • They can also download files they have saved to platform.
• Data import formats:
  • CSV
  • Other
• Other data import formats: Additional 'upload' functionality allows other file type uploads.

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: Excession offers an SLA of 99.9% uptime per billing period with the following exclusions. Excession will not accept liability for service availability where it is affected as a result of:; 1. your network or system, or any part of it;; 2. a fault in, or any problem associated with, equipment connected on your side;; 3. your acts or omissions or improper use, misuse or unauthorised alteration of Excession’s software;; 4. your failure or delay in complying with our reasonable instructions (e.g., patching, upgrades and bug fixes);; 5. reasons beyond our reasonable control (a force majeure event);; 6. internet access issues or related problems beyond the demarcation point of the Excession Service;; 7. a planned outage.
• Approach to resilience: We comply with current NCSC guidance, namely, user data, and the assets storing or processing it, should be protected against physical tampering, loss, damage or seizure.; ; The aspects we consider are:; 1. Physical location and legal jurisdiction;; 2. Data centre security;; 3. Data at rest protection;; 4. Data sanitisation;; 5. Equipment disposal;; 6. Physical resilience and availability.; ; To that end, we deploy into multiple AWS availability zones within a single AWS region, with multiple replicas.
• Outage reporting: We have a specific project in development for comprehensive monitoring, dashboards and alerting, but this will not be completed until Q4 2022. Until then, outages are notified by on screen alerts.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: We can restrict access white domain names and IP addresses.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
• Description of management access authentication: - VPN; - Physical Security Token

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: British Assessment Bureau
• ISO/IEC 27001 accreditation date: 23/11/2020
• What the ISO/IEC 27001 doesn’t cover: Physical media transfer (not applicable to our business), Outsourced Development (development is not outsourced), and Cloud Hosting Providers (they are ISO27001 compliant).
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • CSA CCM version 3.0
  • ISO/IEC 27001
• Information security policies and processes: We maintain a suite of information security policies, processes and controls as part of our ISO27001-accredited Information Security Management System (ISMS). ; ; We ensure these policies are followed through a combination of controls, internal audits, external audits, KPIs, management reporting and review, and staff communications.; ; Reporting structure is through our various teams up to the Chief Operating Officer who owns the ISMS and reports to the Leadership Team and the Board on a monthly basis around information security matters.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: 1. ISO27001 dictates our software development, configuration and change management.; 2. Cloud infrastructure is managed by infrastructure as code.; 3. All software and code is governed by our software development processes (e.g. peer review, testing, static analysis, vulnerability scanning, risk assessment.; 4. Software changes are governed by our software release process, as well as packaging, documentation, delivery and communication to the customer.; 5. Code that fails testing or vulnerability scanning may not be committed to code repositories.; 6. Regular scanning of software continues to surface vulnerabilities and enable timely updates.; 7. All changes are tracked in GitLab/Jira and communicated widely.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: 1. Our software development process requires peer review, test, static analysis and vulnerability scanning.; 2. We do regular penetration testing.; 3. We use GitLab Ultimate SAST tools, including Trivy container image scanning.; 4. We use ClamAV anti-virus scanning when deployed.; 5. Threats are assessed by senior engineers on a case by case basis.; 6. Vulnerabilities are typically resolved within 7 days of discovery, with serious zero-day vulnerabilities often addressed within a day of identification.; 7. Whitelisting of a vulnerability from scanning may only be applied by a principal engineer through peer review/when properly documented in GitLab SCM/Jira ticketing system.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: All activity in the Excession platform is persistently and proactively logged and monitored using a threat detection service (AWS Cloudwatch and GuardDuty) in real-time, for malicious or unauthorised behaviour. This, for instance, alerts us to the existence of, and routing of distributed denial of service (DDOS) attacks allowing measures to be taken to counter them.; ; Incidents may be reported automatically via monitoring systems, from any staff member or through our customer success team. We immediately initiate a dedicated incident response channel in Slack and incident report. An engineering lead and communications lead coordinate the response.
• Incident management type: Supplier-defined controls
• Incident management approach: Excession provides a robust, proven incident management procedure, managed by ITIL certified service managers including our VPs of Engineering and Customer-Success. This includes defined processes for receiving and recording inbound service tickets, managing and escalating incidents of varying priority levels and outbound communications to ensure users are kept appraised of company actions to resolve issues.; ; End users can initiate an incident or support request via email, telephone, chat or via our knowledge base support portal.; ; Monthly reports can be provided detailing incidents, response times, status and resolutions.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  In addition to the company’s software solutions that require significantly less compute and storage resources (and therein energy consumption) compared to other approaches, we are committed to becoming Net Zero by 2030 across our operations and supply chain. ; ; Underpinning this commitment are the following carbon reduction targets. By 2030 or sooner we will:; ; • Source 100% renewable electricity for our buildings; • Reduce business travel by 50% per FTE vs. 2020 levels; • Require all of our largest suppliers (by emissions) to adopt a science-based target by 2025.; • Invest in certified, market solutions for emissions we cannot eliminate
• Covid-19 recovery:

  Covid-19 recovery

  Within our organisation we provide support to employees in the form of a flexible hybrid working model where they can choose when to work from home and when to work from the office. Throughout the Covid-19 pandemic, we recognised the serious mental health impact of lockdowns and isolation, and so made available to all our staff a wellbeing counsellor to anyone that needed support (that support is available to all staff on an ongoing basis). Mental Health and Wellbeing of of our staff and those that make up our immediate supply chain is of paramount importance to us. Collaboration are engagement is a key focus, be it face-to-face in the office or online.; ; This hybrid working model extends to our recruitment strategy and means that the pool of candidates is much wider, particularly outside of London, which means offering work opportunities to those who may be out of work due to the pandemic, come from under-represented groups, or who prevented from taking work opportunities due to the need for office working.; ; We also recognised that the needs of our customers required us to operate in a way to ensure resilience. We achieved this through a regime of regular Covid testing, as well as ensuring that core teams operated in smaller groups to reduce the impact of illness should any member be affected and forced to isolate.
• Tackling economic inequality:

  Tackling economic inequality

  Excession is tackling economic inequality as we grow the business, creating significant employment opportunities. Diversity of thought is critical to our success. We connect with under-represented groups to build a diverse pipeline of candidates and new hires. All employees have a voice and the chance to build their careers with us, with fair and equitable remuneration at the upper quartile for the market. We run a subsidised childcare voucher scheme to support working parents and foster flexible working patterns to allow employees to work effectively while meeting their other commitments. As we grow, we intend to roll out internship and apprenticeship schemes. We encourage other SMEs and start-ups to join our supply chain, recognise their challenges, and pay them promptly.
• Equal opportunity:

  Equal opportunity

  Our technology/product doesn't directly focus on this important topic, but we are a high growth UK technology company with plans to scale and grow our headcount significantly over the next few years. At the heart of that growth is a Diversity & Inclusion Programme aimed at ensuring we have a diverse workforce working in an inclusive and welcoming environment. We are an equal opportunities employer and are committed to hiring and developing people from underrepresented groups (across our entire business, and particularly in our tech/engineering teams which has historically been an area that under-represented groups have struggled to access across the tech sector).
• Wellbeing:

  Wellbeing

  At the heart of Excession's Domain Awareness Platform is a suite of capabilities which allow our customers and end users to keep the public safe from harm. As such it contributes directly to the Wellbeing Social Value theme.

Pricing

• Price: £19,950 a unit a month
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at shelly.mccafferty@excession.co. Tell them what format you need. It will help if you say what assistive technology you use.