Sarax Limited

Evidence Warehouse reporting platform

Sarax proprietary collective intelligence platform brings together disparate data and information sources, includes expert analysts, working with leading technology to verify, understand and apply real time information. The platform recently provisioned with a safety harassment application platform and UI which empowers safe journeys for passengers on the UK Rail network.

Features

• Hosted In cloud storage options
• Share evidence digitally across networks saflkey and securley
• Interface with CPS
• Consistent way to share digital evidence with CJS partners
• Collective travel safety platform
• Dashboard navigation screen with integrated location screen
• Location sharing to designated contacts
• Reporting unwanted sexual behaviour on public transport
• Personalised harassment reporting platform
• Situational travel safety platform

Benefits

• USB Report confirmation messaging
• Report train incidents and crimes,
• stay connected with contacts.
• Safer space against USB
• SOS Notification
• Officers and staff having more time for other priorities
• Reducing risk of finable data protection violations
• Reduced risk of lost or compromised evidence
• Enhanced decision making
• Real time review and request evidence with CJS

£5,286 to £10,686 a virtual machine a month

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at mark.balaam@sarax.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

641771994316434

Contact

Mark Balaam
07775 930125
mark.balaam@sarax.co.uk

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Existing Computer Aided Dispatch systems can locate a caller through a database of telephone numbers for fixed lines, but are unable to take advantage of the GPS in a caller's smartphone. Additionally services for language translation, text messaging emergencies for the deaf can be supplemented.
• Cloud deployment model: Public cloud
• Service constraints: Live video streaming currently not supported in IOS browser.
• System requirements:
  • Data and GPS enabled smartphone.
  • Internet access / connection.

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: We operate a priority based approach based on the customer's requirements.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), 7 days a week
• Web chat support: No
• Onsite support: Onsite support
• Support levels: Tickets are responded to based on the SLA agreed with client. These SLAs reflect the priority of the service being supported. The faster guaranteed response times increase support costs. Some example of agreed support levels are:; ; • Monday to Friday 09:00 until 17:30 excluding Bank Holidays. Only trained & qualified engineer's assist with support issues either remotely or on site.; ; • 7 days, 24 hours support including all holidays. Only trained & qualified engineer's assist with support issues either remotely or on site.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Sarax engineers work with clients through a discovery and assessment process to create a software requirements list based on current and future user demand and loading. This includes detailed billing, monitoring, log access, security, load balancing, clustering, and storage resiliency: backup, replication and recovery. Identifying SLAs and high availability requirements. Application interdependencies, network configurations and security and compliance requirements are established. Subsequently a planning phase is executed to define the cloud infrastructure including services such as networking and security to ensure the right mix of storage. The pilot and testing phase validates the test data migration and synchronization, measures performance validates security controls. ; ; Client teams are supported through the migration, typically using a phased approach, to allow ongoing progress review and plan adjustment if material diversions from the plan occur. Migration is monitored, reviewed and adjusted accordingly and then transitioned into IT to successfully manage ongoing operations. We will work in partnership with clients to determine the business needs that drive change and will help identify the optimum information and technology to best meet those needs. ; ; Effective change management reduces the potential impact of any change upon the current service and ensures a faster response to implementing agreed changes
• Service documentation: Yes
• Documentation formats:
  • ODF
  • PDF
• End-of-contract data extraction: Data can either be stored in the cloud or regularly transferred to a customer on site facility. The customer's data is only temporarily hosted by us, as part of the business as usual process the data will be transferred to the customer's systems, so at the end of the contract no customer data will be stored by us.
• End-of-contract process: The end of the contract will have been either scheduled (with a cross over of services between the old and the new providers) or unscheduled due to a termination of the contract, which is provided for within the contract. Data belonging to the customer will be transferred as above within a maximum of 30 days after the end date of the contract.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The mobile user interface has been optomised for the mobile experience, keeping a simple large interface, minimising the number of buttons and choices for the mobile user.
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: Our API can be used to integrate our service into the buyers existing applications / systems.
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • ODF
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: The interface is customisable, using windows that can be moved, resized or minimised. The look and feel can also be modified to meet the customer's workflow and user experience requirements including co-branding.

Scaling

• Independence of resources: The software uses Microsoft's Azure Cloud which provides automatic scaling.

Analytics

• Service usage metrics: Yes
• Metrics types: Usage, reliability and uptime.
• Reporting types: Reports on request

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Meta Cannect

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: In-house
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: We provide a reporting interface to allows users to export their data, the data will be exported into PDF and where video data is provided into an MP4 file.
• Data export formats: Other
• Other data export formats:
  • PDF
  • MP4 for video
• Data import formats: Other
• Other data import formats: There's no intention to upload data, other than through usage.

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: We offer a guarantee of 99% reliability, taking into account scheduled downtime for system updates and other essential maintenance agreed in advance.; ; Downtime is defined as when the user can't access our service and is measured in minutes. Downtime does not include the failure of the customer's ICT infrastructure or failure of 3rd party software, hardware or services not under Sarax's control.; Our monthly uptime percentage can be calculated using the following formula:; (User minutes - Downtime) / User minutes x 100.; If the uptime of the service falls below 99% in a month the following service credits will apply:; <99% 10% service credit; <95% 25% service credit; <90% 50% service credit; Service credit is defined as a discount on the next months cost of the service.
• Approach to resilience: Our service is hosted within Microsoft Azure data centres, this provides our core environment with a guaranteed availability of 99.5%. ; ; We actively monitor the availability of the service and can respond to service disruption 24x7.; ; We are able to tailor the resilience architecture to match the requirements or our customers.
• Outage reporting: In the event of a service outage, we will notify the customer via an email to a nominated address.; ; Should a client require a different notification mechanism, we will work with them to find an appropriate solution.

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: Management interfaces are restricted to management user credentials.
• Access restriction testing frequency: At least every 6 months
• Management access authentication: Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: Sarax implements formal, documented policies and procedures that provide guidance for operations and information security. Policies address purpose, scope, roles, responsibilities and management commitment. ; ; Employees maintain policies in a centralised and accessible location. Line managers in association with our security team are responsible for familiarising employees with security policies. ; ; We are working to establish governance processes and policies in line with the CSA CSM 3.0.1 cloud controls matrix. Our goal is the reach CSA STAR level 1 within the next 12 months.
• Information security policies and processes: Sarax implements formal, documented policies and procedures that provide guidance for operations and information security. Policies address purpose, scope, roles, responsibilities and management commitment. ; ; Employees maintain policies in a centralised and accessible location. Line managers in association with our security team are responsible for familiarising employees with security policies. ; ; The output of internal security reviews include any decisions or actions related to:; ; • Improvement of the effectiveness of the ISMS. ; • Update of the risk assessment and treatment plan.; • Modification of procedures and controls that affect information security to respond to internal or external events that may impact the ISMS. ; • Resource needs. ; • Improvement in how the effectiveness of controls is measured.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: We maintain a register of service components, software libraries and APIs. This register is used in conjunction with our system architecture documentation to understand the security impact of each component.; ; Where the suppliers of these services issue updates, we review the release notes to understand the security implications of the changes.; ; Following any changes or updates the system will be subject to our test process in a non-live environment prior to the live environment being updated.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: We run a monthly vulnerability scan against our service, using an automatic vulnerability scanner. This scanner assesses and categorises the potential vulnerabilities.; ; We prioritise the vulnerabilities in line with the guidelines published on the NCSC website.; ; Depending on the severity of the vulnerability we will aim to provide a patch as soon as a fix is available, and has been tested against our test process. This is integrated with our change control policy.; ; Our VAS scanner is regularly updated with the latest vulnerabilities. We also monitor technical news for information.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We maintain an audit log of all connections to our service. This log is regularly analysed to identify suspicious activity.; ; The frequency of the analysis will be agreed with the client, along with criteria to asses suspicious activity.; ; Once an incident has been identified, we will identify the severity and impact. This will then be managed via our incident management processes.
• Incident management type: Supplier-defined controls
• Incident management approach: We are in the process of developing our incident management processes to conform to the requirements in the CSA CCM 3.0.1.; ; Users can report incidents by email to our support team.; ; Where an incident has been reported, we will retrieve the relevant logs including from the service and OS to assist with the investigation.; ; We provide incident reports via email, including the outcome of our investigation and supporting evidence such as logs.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Sarax has an 8-point plan to combat climate change, through our products, employees and our actions. We would be willing to discuss how we can measure these outcomes on each of the G-Cloud call off contracts. ; ; 1. Measure and Analyse Greenhouse Gas. We measure CO2 emissions through a number of several approved applications and we have a 5-year plan to reduce our emissions. ; ; 2. Reducing Energy Consumption. As a business Sarax follows best practice regarding energy consumption things simple things such as turning off the lights in the office in the evening, slightly lowering the heating or the air conditioning.; ; 3. Reduce Waste and Fight Obsolescence. We actively reduce the amount of waste we generate. Whether it is the industrial waste from installations to avoiding disposable cups, all of our staff and customers are encouraged to adopt an eco-entrepreneur mindset.; ; 4. Optimise Employees’ Transportation. As we know, transportation is one of the largest sectors of greenhouse gas emissions. We encourage employees to take public transit, to carpool with other colleagues living close by.; ; 5. Choose Greener Infrastructures and Equipment. We will always choose more environment-friendly infrastructures such as new printers, air conditioners, laptops, screens, bulbs or office materials.; ; 6. Choose Sustainable Suppliers. We strive to partner with suppliers who demonstrate they have good environmental practices we will change to more sustainable suppliers if the old ones refuse to change practices.; ; 7. Raise Awareness Among Employees, Clients and Other Stakeholders. We proactively raise awareness on our employees, consumers, through our guidance and reporting capabilities this best practices is then reproduced at home and transmitted to friends giving a snowball effect.; ; 8. Promote Environmentally Friendly Ways of Working. We promote flexible working patterns such as telecommuting and video conferences that avoid employees traveling by car for meetings with clients.

  Covid-19 recovery

  The complex global environment of factors such as the Covid 19 pandemic it is now more critical than ever to make it possible for us and our customers to continue their operations and help respond to the unique demands that businesses may be facing. ; ; Sarax has been in business for decades delivering the mission-critical work that keeps every organisation – especially those in the public sector – operational and successful. At this challenging time, our customers can count on us to support their organisation.; ; Sarax leadership is continually reviewing and assessing the landscape that now exists in the present and the future due to Covid 19, looking to appropriately respond to the crisis as it evolves. We believe that everyone’s health and welfare are a priority, as most of Sarax employees are now working remotely or from home. We have developed online collaboration capabilities to help ensure business continuity and we’re working tirelessly to help everyone stay safe while at the same time continuing to serve our customers. ; ; We will work with each G-Cloud call off contracts to define the levels of safe working and how we can assist in defining outcomes for Covid recovery in the geographical region where they are based.

  Tackling economic inequality

  Sarax has a number of initiatives that help tackle economic inequality. We will work with each G-Cloud call of contract to define the outcomes appropriate for that contract. We will then have a monthly reporting mechanism to demonstrate how these outcomes are being achieved. Some examples of these initiatives are: ; ; 1. Employment and education, Graduates. Sarax is proud to offer consulting, technology, and design graduate roles to kick-start graduate careers in all of our industry sectors. Successful candidates work on real projects, with real clients, all whilst being supported to gain as much as possible from the experience.; ; 2. Employment and education, Internship. Sarax offers a growing number of students the opportunity to sharpen their skills and find their place in the professional world. Typically our interns join for a year-long period, with a view to gaining experience whilst brining value to the business. The 12 months with us are filled with opportunities to network, learn new skills, attend training, take part in events, and much more.; ; 3. Business Growth and Creation, Prompt Payment. Sarax is committed to paying suppliers on time, giving clear guidance to suppliers and encouraging good payment practice. On average our suppliers are paid within 22 days following receipt of invoice.; ; 4. Business Growth and Creation, Supplier Diversity. Sarax is committed to working with small, diverse, high-quality suppliers. Our supplier diversity policy endeavours, on a good-faith effort basis, to work with and develop small, minority, and women-owned businesses. We are always looking for small and diverse suppliers that can deliver creative, high-quality products and services. Ultimately, our goal is to diversify our supplier base by encouraging these small and diverse suppliers to compete for business.

  Equal opportunity

  Sarax is an equal opportunities employer and is committed to ensuring that no person is discriminated in our company or supply chain for any reason. We have a number of initiatives that promote a diverse workforce and will work with each G-Cloud call of contract to define the outcomes appropriate for that contract. We will then have a monthly reporting mechanism to demonstrate how these outcomes are being achieved. Some examples of these initiatives are: ; ; 1. Accessibility. Sarax is committed to creating accessible technologies and products that enhance the overall workplace environment and contribute to the productivity of our employees, our customers, and our customers’ customers. We recognise the need for our applications, and our customers’ and partners’ products built with our tools, to be usable by the disabled community. Our accessibility philosophy definiens and recommends the corporate standards for accessibility and developing materials to train all employees so that they can successfully create products that meet those standards. ; ; 2. Mandatory training. Sarax promotes mandatory training for equality for all employees, this includes a compliance training programme and for employees and all new hires joining Sarax; ; 3. Harmony at work. As a business we embrace full inclusivity and belonging within a progressive modern workplace. We deliver education through our guidance catalogue for employees and customers. We aim to raise awareness and share best practices on improving wider representations amongst employees with protected characteristics.; ; 4. Modern slavery policy. Sarax is fully committed to a work environment and supply chain that is free from human trafficking and slavery. We will not tolerate or condone human trafficking or slavery in any part of our organisation, be it supply chain or internal.

  Wellbeing

  Sarax is committed to the well being of our employees, customers and the wider public. In particular we have developed solutions to addressing personal safety for all. We will work with each G-Cloud call of contract to define the outcomes appropriate for that contract. We will then have a monthly reporting mechanism to demonstrate how these outcomes are being achieved. Some examples of these initiatives are: ; ; 1. Targeted Wellbeing Campaigns. Sarax utilises the imabi Pro workplace application that provides targeted wellbeing campaigns such as sleep training, mindfulness, and mental health awareness. We use imabi as a wellbeing communication channel, with all employees now utilising the application with high levels of engagement. A monthly wellbeing employee newsletter is generated and delivered to employees with a dedicated application containing all the available resources in one place.; ; 2. Wellbeing Training. Imabi regularly delivers both manager and employee training on a variety of wellbeing topics, including mental health, which are available in real-time and on demand. Examples include, Stress Awareness and Mental Health. We also provide employees and their dependants with access to a free and confidential Employee Assistance Programme, offering emotional and practical support should they need.

Pricing

• Price: £5,286 to £10,686 a virtual machine a month
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at mark.balaam@sarax.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.