IntaForensics Ltd

Lima Forensic Case Management

Lima Forensic Case Management provides complete case and laboratory management capabilities to Forensic laboratories. From case submissions through to final reporting, Lima enables forensic practitioners to operate consistently to the methods required by ISO-17025 FSR Code of Practice and Industry Best Practice. Perpetual or Subscription licensing models.

Features

• Comprehensive Forensic Case Management system
• Supports ISO 17025:2017 Compliance
• Enabling Policy Deployment and Standard Operating Procedures within Client Laboratories
• Management Dashboard reporting in application and via Browser
• Integration with Digital Forensic Tools
• Full Case Level reporting in documentary and electronic formats
• Evidence tracking and management
• Remote portal for submissions and communications
• Integration with Power BI for comprehensive metric reporting and dashboarding

Benefits

• Asset utilisation tracking
• Comprehensive Chain of Custody Recording
• Audit Logging all activity within cases
• Staff time recording and tracking
• Improved communication via Browser with Investigators / Police Officers
• Auditable Authorisation processes
• Configurable to suit client's processes and workflows

£925 to £2,185 a licence

• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenders@intaforensics.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

760596208798769

Contact

Edwin Claridge
0247-7717780
tenders@intaforensics.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: Lima requires a version of Microsoft SQL to be available on the same domain as the system. ; Multiple configurations are possible including a variety of virtualisation environments.
• System requirements:
  • MS-SQL Required (no other databases supported)
  • Connectivity to SQL Database and Mapped Network Drive (data storage)
  • IP connection to the licensing HASP server is required

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Monday to Friday. 9am to 5pm (UK)
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: One level of support is available. Support is included in the cost of Subscription based services. Alternative licensing models are available which charge support as an option based on 25% of the cost of perpetual licenses for the system.; Support is primarily delivered via our own dedicated and hosted support portal. Initial triage of all support tickets is conducted and then tickets are assigned to the relevant agent internally (either Training, Commercial or Technical).; Priority of submitted tickets is dependent on the severity of the incident and is in line with the company's SLA.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: The Client is able to install and configure the Lima system independently without the assistance of IntaForensics. However, it is advisable to seek advice and support from IntaForensics during the installation and configuration process. Should the Client require installation assistance this can be provided either remotely or at the Client’s site.; Full system training can be delivered either in a classroom environment at the Client’s site or in a neutral location. This type of training may incur additional charges for any IntaForensics staff travel and subsistence expenses and room hire charges. Alternatively, training can be delivered remotely, via Teams or similar program.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Clients who use the system on a private cloud basis have full access to the SQL database used within the system as well as the data storage areas (usually a RAID array of one format or another). Such clients can access, download and migrate their data as they wish. IntaForensics can assist with this at additional cost should a client wish to cease using the service.
• End-of-contract process: The Lima system requires the Client to purchase a perpetual licence and, as they system would be hosted by them, they would be responsible for the data held within the database. IntaForensics would not have any access to the data. Therefore, should the Client wish to change their system the data can be transferred to the new program; however, they will always have access to the Lima system.; The Client has the option to purchase a full Software Maintenance and Support (SMS) package to continue support and future system updates.

Using the service

• Web browser interface: No
• Application to install: Yes
• Compatible operating systems:
  • Android
  • Windows
  • Windows Phone
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: There is a browser-based portal which is available for investigators to submit casework requests for authorisation from appropriate third parties. The system also allows the user to correspond with, send files and additional information to forensic investigators and other third parties involved in the investigations. The portal enables staff in the forensic laboratory to communicate directly with the investigator or other team members. This ensures that all communications remain within the specific case record, allowing full accountability and comprehensive, auditable records of all activity within a case.
• Service interface: No
• User support accessibility: None or don’t know
• API: No
• Customisation available: Yes
• Description of customisation: Lima has in excess of 400 fields and functions capable of customisation. A dedicated Administrator Application is provided to assist clients to manage their installation of Lima, which allows tailoring of the system to meet the needs of the client.; ; Customisation can be conducted by clients themselves without requiring any engagement by IntaForensics.; ; Full access to the SQL database used is permitted, and clients are able to connect other resources and analytical tools to the database for further flexibility (for example reporting, additional dashboards and other purposes).; ; Several types of user licences are available which allows the system to meet the client’s infrastructure requirements.

Scaling

• Independence of resources: Typical use cases are for a Private Cloud installation. Lima uses the available resources, and this is therefore controlled within the private cloud environment controlled by the client.

Analytics

• Service usage metrics: No

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: In-house
• Protecting data at rest: Physical access control, complying with CSA CCM v3.0
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Lima has a number of methods for exporting data depending upon the function. The advanced search engine (which integrates dtSearch) enables export of data as XML data; Data fields can be merged into MS-Word .DOC format templates configured by the client; Complete and flexible case reporting can be achieved through configurable HTML reports; Case reports can be output as PDF documents. In addition Lima enables users to directly access the MS-SQL database to extract data in a variety of formats using SQL to query the database should that be of use to the client.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • HTML
  • TSV
  • XML
  • MS-Word .DOC
• Data import formats:
  • CSV
  • Other
• Other data import formats: V-Card

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
• Data protection within supplier network:
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

• Guaranteed availability: This is dependent on the cloud infrastructure agreed with the client if using a private cloud implementation (as 95% currently are).
• Approach to resilience: This is dependent on the cloud infrastructure agreed with the client if using a private cloud implementation (as 95% currently are)
• Outage reporting: This is dependent on the cloud infrastructure agreed with the client if using a private cloud implementation (as 95% currently are).

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • Username or password
  • Other
• Other user authentication: Active Directory Single Sign On; ; Dual factor authentication via DUO (optional)
• Access restrictions in management interfaces and support channels: Comprehensive user management control by User Role or on each individual account. User access control is capable of defining access permissions to every function within the Lima system. Entire features can be turned on or off universally. In addition to user account restrictions, Classification Levels can be given to each user, with cases with higher levels of classification not visible to staff or users without that level of clearance.
• Access restriction testing frequency: At least every 6 months
• Management access authentication: Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Alcumus ISOQAR
• ISO/IEC 27001 accreditation date: 21/03/2017
• What the ISO/IEC 27001 doesn’t cover: Internal Software Development processes
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: Yes
• Who accredited the PCI DSS certification: Self Assessed via SAQ-A Submitted via Worldpay
• PCI DSS accreditation date: 16/02/2018
• What the PCI DSS doesn’t cover: No areas of our operations are not covered by our PCI-DSS Certifications. IntaForensics are a PCI Accredited Qualified Security Assessor Company and an Accredited PCI Forensic Investigations Company.
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • ISO-27001:2013
  • IASME Gold
  • Cyber Essentials Plus
  • CREST Membership
  • Accreditation against Forensic Science Regulator’s Codes of Practice and Conduct

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: IntaForensics are ISO-17025:2017 Certified and accredited to both Cyber Essentials PLUS and the IASME Gold Standards. In addition the company is an accredited PCI-SSC Qualified Security Assessor Company. All of these independently reviewed and audited standards verify the strength of security controls and processes, and commitment of the organisation, to information systems security.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Structured internal software development methodologies are adopted, alongside structured testing methods a full internal Beta testing process and Release Management.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Aside from internal use in operational servcie provision, vulnerability reporting is actively managed through our support channels. New releases are planned and emergency releases can be deployed to all registered users.
• Protective monitoring type: Undisclosed
• Protective monitoring approach: Given that most clients manage their deployments in private cloud environments by choice, this is usually a client responsibility.
• Incident management type: Undisclosed
• Incident management approach: Given that most clients manage their deployments in private cloud environments by choice, this is usually a client responsibility

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  IntaForensics has a Carbon Reduction Plan which, in part, promotes sustainable transport and travel to reduce the impact of CO2. We encourage the use of low carbon transport and we suggest meetings between IntaForensics and the Authority are held via electronic conferencing where possible. ; ; As part of a wider set of environmental policies, IntaForensics recognise and accept responsibilities to environmental management of business operations and establishing controls for those company activities that potentially impact the environment. ; ; The company has requirements, which form part of the management system to: ; • establish and maintain a policy that proactively works to minimise its impact on the environment ; • actively reduce their carbon footprint ; • provide staff with information and awareness in relation to environmental improvements and potential cost savings and operational efficiency ; • provide and maintain equipment to enhance environmental supportive systems of work ; • embrace the 3R’s principles of REDUCE, REUSE, RECYCLE ; ; We conduct annual carbon footprint calculations which consider the following business operations: ; • Buildings – energy use ; • Flights ; • Cars & vans ; • Vehicle fuel ; • Bus & rail travel ; ; The company is investing in carbon offsetting projects and IntaForensics encourages and supports employees to undertake volunteering or charity activities that enhance the local environment and meet the principles of “Reduce, Reuse, Recycle”.

  Covid-19 recovery

  The pandemic is a long-term global incident. Forensic Access Group took note of the outbreak as it began to be reported in the National media and it was immediately noted as a potential risk and constantly reviewed at management meetings. As the outbreak progressed the BCDR team was convened, and measures were begun to be put in place to move all non-essential staff and those that could to remote working. Despite Forensic Access being on the list of employees who could continue to enter the workplace, at the first opportunity, and prior to the Government announcement, we had moved all staff who could work away from the office to home working. This was part of our policy to minimise those individuals in our facilities to only those who had to be present. This allowed us to both protect our staff and continue to deliver our services to the criminal justice system. ; Our BCDR process was effectively implemented and we were able to introduce working practices which protected our staff, helped reduce the spread of Covid19 and allowed us to maintain service delivery throughout the period of Government enforced lockdown.; On review of our BCDR response to Covid19 we have now established and implemented a more agile working environment for our staff. This means we are able to reduce the number of individuals within the laboratory and therefore protect these individuals from unnecessary exposure.; Forensic Access Group of companies uses all situations which affect our facilities to review our response and implementation of the BCDR policy. This is critical to ensuring we have a rapid and robust response to any issues which may affect our business-as-usual activities and ability to deliver our services to the customer in a timely manner.

  Tackling economic inequality

  Our policy details the principles of how we will conduct business in an honest and transparent manner and expect the same from our suppliers and partners. ; This includes our expectations for our suppliers to never use or support practices that involve the use of children or hold an individual group into the modern slavery Act. This includes labour exploitation in line with the Act. ; We expect all our suppliers to communicate any issues of compliance with our expectations within 7 working days and expect all our suppliers to report any breaches through their own procedures. ; Supporting Human Rights Our Human Rights Policy details our labour and workplace rights. We are committed to providing fair working conditions for all our employees, this includes working hours, flexible working and hybrid working (where possible), terms and conditions of employment, remuneration, health and safety, holiday entitlements and benefits. ; Our employees’ pay will not be lower than that required by local law and the government’s specified minimum living wage.

  Equal opportunity

  Forensic Access Group has an Equality and Diversity Policy which outlines the Company’s commitment to achieving a working environment which provides an equal opportunity of working for all staff.; The company is committed to achieving a working environment which provides equality of opportunity and freedom from unlawful discrimination on the grounds of age, disability, gender reassignment, marriage and civil partnership, pregnancy and ; maternity, race (including ethnic origin, colour, nationality and national origin), religion and or belief, sex and sexual orientation, believing that all employees and clients are entitled to be treated with respect and dignity.

  Wellbeing

  The wellbeing of staff is of paramount importance to protect and encourage the health, safety, and wellbeing of all employees, including physical health, mental health and positive relationships. The Forensic Access Group recognises that everyone’s personal development and contributes to their overall wellbeing at work. We aim to create a sense of belonging, and an environment and culture based on shared values, trust, recognising skills and encouraging personal development.

Pricing

• Price: £925 to £2,185 a licence
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: Potential clients can be given access to a remote desktop environment which contains an installation of the latest version of the Lima suite of software, including demonstration data.

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenders@intaforensics.com. Tell them what format you need. It will help if you say what assistive technology you use.