Coeus Software Ltd

PoliceBox: frontline digital mobility platform

A flexible frontline digital mobility platform for operational policing. An innovative approach to digital transformation that delivers radical business change. Mobilises business processes using a simple design tool with no coding required. Integrate with back office systems using API/SDK. Works with Android, iOS and Windows devices both online and offline.

Features

• Android, Windows 10, iOS and Chrome native client apps
• Microsoft Azure data centre(s) hosted in UK
• Microsoft 365 deployment compatible
• API/SDK for advanced integration
• No code App designer for rapid deployment of business processes
• AI-driven data capture and fingerprint scanners support
• Role-based access to business processes
• Oauth2 authentication, encryption, digital signature and audit trail
• Home Office Digital Evidence Standards compliant
• Policing Vision 2025 compliant

Benefits

• Improved access to information from police system for frontline officers
• Improved productivity: Less manual input required
• Improved response times: Information is near 'real-time'
• Improved officer confidence: Easy-to-use interface minimises training
• Improved data quality: Less manual input and re-keying of information
• Improved efficiency: Rapid deployment of processes to the frontline
• Improved internal communication: Less voice traffic to the control room
• Improved officer safety: Less distracted by manual input
• Improved officer visibility: Use anywhere including no network coverage

£3 to £20 a person a month

• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at simon.hall@coeussoftware.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

766162478295615

Contact

Simon Hall
07802 234789
simon.hall@coeussoftware.com

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Hybrid cloud
• Service constraints: Our service requires: Federated Authentication using Azure Active Directory (with ADFS or Azure AD Connect); Windows Server (Integration Server) for exporting of completed tasks within your IT environment. Full provisioning documentation is also provided. Windows desktop is used for the business process app design tool. You will need to use the OnBoarding Cloud support service to establish the Integration components. You will also need to decide upon the use of the "Data Return" service at subscription termination, when notification is issued. The service will make use of your existing enterprise device (security & management) solution and mobile network infrastructure.
• System requirements:
  • Windows Server (Hybrid Server) 2012 R2 or later
  • Federated Authentication Azure AD using ADFS or Azure AD Connect
  • Windows 10 Client Devices or
  • IOS 9 (or later) Client Devices or
  • Android 5.0 (Lollipop) Client Devices
  • Network Access to Azure UK data centres
  • Windows 7 or later for the Design Tool

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Our standard response times are based upon Monday-Friday 08:30 to 18:00, except English bank holidays.; ; Our service is monitored 24x7x365 and our support team will rectify emergency issues as soon as they are detected.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Business Hours Mon-Fri 08.30 to 18.00 Except English Bank Holidays. Online ticketing service 24x7x365. ; ; Incidents acknowledged within 4hrs with problem assessment within 24hrs. Major Incidents action within 4hrs.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We provide an onboarding service which includes delivery of software as well as online training (client application familiarisation videos) and user documentation.
• Service documentation: Yes
• Documentation formats:
  • PDF
  • Other
• Other documentation formats:
  • Video
  • Immersive Try-out
• End-of-contract data extraction: We provide an offboarding service and data return support service. This allows your database to be extracted as a backup file and presented to you on your media.
• End-of-contract process: The offboarding service provides a data return support service. You must request the data extract service within 14 working days of notice of cancellation. The data return support service is a chargeable service via our professional services outcomes (Lot 3 Cloud Support) based on our standard SFIA rate card.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
  • Windows
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The desktop application uses the Windows 10 Universal Windows Platform (UWP) and the app is deployed via the Windows Store. ; ; The difference between the mobile and desktop service UI/UX is optimised for the device being used.; ; The Android App also supports Samsung DeX
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: Day to day management of the service is provided through a web-browser. It is role-based and permits management of users, task queue, statistics dashboard, audit log review and system log review.
• Accessibility standards: None or don’t know
• Description of accessibility: Day to day management of the service is provided through a web-browser. It is role-based and permits management of users, task queue, statistics dashboard, audit log review and system log review.
• Accessibility testing: None at this time. it is a roadmap item.
• API: Yes
• What users can and can't do using the API: An API is available that provides a range of services, including:; ; 1. Sending tasks to mobile users; 2. Getting completed tasks for ongoing processing, with retry management; 3. Getting situational awareness information; 4. Providing metadata for KPI analysis etc.; ; An alternative connector-based integration SDK which is described in the customisation section.
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: The entire platform is customisable, to digitise any business process. Connectors can be deployed to allow researching from or exporting to any target back office or national system.; ; Use the App Designer tool to define tasks designs and to integrate them with broader business processes. This no-code tool can be used by anyone with appropriate training, governed by role based access.; ; The platform integrates with other systems via connectors. The creation of new connectors is a developer role and can be done by your nominated developer. ; ; Additionally, the API can be used to integrate, via a third party integration platform or other middleware.

Scaling

• Independence of resources: We use the inherent scaling capabilities of the Microsoft Azure platform. This scaling allows demand management during peak times, reducing at non-peak times to optimise the service.

Analytics

• Service usage metrics: Yes
• Metrics types: We provide metrics in a Dashboard screen within the Web Portal. It shows the following statistics: Tasks Processed Today; Tasks Completed Today; Tasks Abandoned Today; Search Criteria Tasks Processed; Search Detail Tasks Processed; Tasks Processed Last Seven Days. It will also show a graph of totals of each type of task (i.e. Non Endorsable 30, versus NIM-A etc) for the last 2 hours and last 24 hours. Finally, the range of completed tasks can be plotted on a map, showing the geographical distribution of where tasks are completed.
• Reporting types:
  • API access
  • Real-time dashboards

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: Less than once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest:
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
  • Other
• Other data at rest protection approach: Our service depends on the continued compliance of the Microsoft Azure UK data centres. ; SQL Azure transparent data encryption.; Blob storage transparent data encryption.; Task data is compressed and encrypted using AES256.
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: No significant data is held in the service for any length of time as it is exported when completed tasks are processed by the Integration Server and sent to your back office databases. At the end of the contract you may request the data return service.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • SOAP/XML
  • JSON
  • PDF
  • Word
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • Other
• Other protection between networks: Data is protected by encryption to AES-256. We expect the buyer would also use a Mobile Device Management (MDM) system whilst using the service.
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Other
• Other protection within supplier network: Application traffic is additionally secured using application level compression and encryption within the TLS tunnel. Data at rest is also compressed and encrypted. The approach uses AES256. Users cannot login without time synchronisation and the client app will not run if the device is 'rooted'.

Availability and resilience

• Guaranteed availability: Our solution is hosted by Microsoft Azure platform and we use their service level as our baseline.
• Approach to resilience: We use the Microsoft Azure platform due to its scaling and resilience capabilities. We also utilise geographic replication of databases and services using a second UK datacentre to ensure that the service is resilient. Web services are provided by at least two instances at each data centre.
• Outage reporting: Our service desk will issue email alerts in the event that the service suffers any outages.

Identity and authentication

• User authentication needed: Yes
• User authentication: Identity federation with existing provider (for example Google Apps)
• Access restrictions in management interfaces and support channels: We use role based access that is configured through an administrative (html-based) interface and utilises Active Directory / Federated Authentication.
• Access restriction testing frequency: Less than once a year
• Management access authentication:
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: The service design ensures our staff do not have access to your protected information. We also monitor systems including internet-based communications and centrally managed group policies to ensure that our staff operate within their role function and no-one person has overall access. Our Development environment is separated from Operations and Service Management. Any incidents that occur will be reported and escalated up to CEO level where a formal report would be made to the client(s) affected, accordingly. We will produce a report within 24hours of the incident being detected. We hold Cyber Essentials and are working towards ISO/IEC 27001.
• Information security policies and processes: We operate an information security policy. Our products are designed to ensure that our staff do not have access to your protected information. We monitor the service including internet-based communications and manage group policies to ensure our staff operate within their role function and no-one person has overall access to everything. Our development team is separated from operations and service management. Incidents are reported and escalated to CEO level where a formal report would be made to you. The client report is made within 24 hours of the incident being detected.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Our configuration and change management processes records client configuration details, including knowledgebase materials in our Service Desk system. Change management follows a documented process that is described in the standard service management policy. We have set up a user forum for the service; PoliceBox User Group (PBUG) to cover product roadmap. Our Operations Department includes a process where changes can be simulated in a representative customer configuration for factory test purposes. This takes place before the formal release cycle to ensure that potential security impacts are identified.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We work with partners and research other sources to monitor emerging and discovered vulnerabilities. Our agile development process ensures that vulnerabilities that are identified can be graded and our resolution can be impact assessed. Our change management process ensures that software updates or knowledgebase articles are issued in a timely manner. Our Operations department track and monitor the conclusion remedial action. We operate a DevOps methodology that includes continuous integration and includes vulnerability as well as functional testing.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We use proactive monitoring of the service. In addition, the system provides Logs and Audit Logs to assist with monitoring and user behaviour. We also liaise with suppliers and clients in order to continue the company's continued alignment to GPG13. Audit logs comprise HMAC checksums to assure validity of data at rest. The collection of information in the field is only permitted on authorised devices.
• Incident management type: Supplier-defined controls
• Incident management approach: Our service desk is accessed via a web-based interface.Our standard service management policy sets out the process of Incident and Problem management cycles. Our service desk operates 'business to business'. It is your responsibility to ensure that calls from your user community are correctly analysed to eliminate local issues. We issue service tickets when calls are placed. We grade calls by priority and categorise problems. Depending on severity, the Change Management cycle may be invoked. We will use workarounds wherever possible to ensure continued service until a release cycle provides a formal resolution.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  Our Climate Change policy adopts a holistic perspective when analysing all Coeus Software® operations. Electric vehicles are used to reduce the environmental impact of travel from sales and management teams. This policy is also committed to reducing, recycling and where possible, re-using consumables.
• Covid-19 recovery:

  Covid-19 recovery

  Since its launch in 2005, Coeus Software® has been committed to supporting local communities through the employment of local skilled workers and government apprenticeship schemes. In recovery to the COVID-19 pandemic, Coeus Software® has employed two apprentices and supported digital training courses for all staff seeking to expand their skills base. In response to the pandemic, Coeus Software® provides a work-from-home policy which allows all employees to work in a flexible, safe environment either in the Coeus offices or their own homes. The mental and physical wellbeing of our staff forms the centre of all Coeus Software® operations and the support provided from the HR and Management teams has been vital in mitigating the negative effects of the COVID-19 pandemic. Coeus Software® will continue to follow all COVID-19 related government guidance regarding social distancing, remote working and safe travelling whilst implementing internal safeguarding systems to ensure the security of staff.
• Tackling economic inequality:

  Tackling economic inequality

  Coeus Software® believes in a continuous improvement working environment which seeks innovative development opportunities in the creation of new jobs, provision of staff training and rethinking business processes. The apprenticeship scheme supports the delivery of new ideas and skills into the niche market in which Coeus Software® operates and has developed their individual skills through extensive on-the-job training.
• Equal opportunity:

  Equal opportunity

  Coeus Software® is an equal opportunities employer offering flexible working and career development opportunities and training to all staff regardless of disabilities. At Coeus Software®, we recognise the importance upskilling the workforce and diversifying the knowledge base of staff in order to empower our employees and deliver the best possible results. Our extensive policies surrounding inequalities, disabilities and modern slavery within the workplace are regularly reviewed to ensure maximum coverage.
• Wellbeing:

  Wellbeing

  Coeus Software® is committed to supporting the mental and physical wellbeing of all staff through a range of mechanisms and systems designed to connect with employees. Our regularly updated staff handbook clearly details the support measures in place via our portal and is available at all times. Our healthcare policy provides essential cover both physically and mentally and is included in all staff contracts.

Pricing

• Price: £3 to £20 a person a month
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: A free trial may be available but would be time limited for non live data

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at simon.hall@coeussoftware.com. Tell them what format you need. It will help if you say what assistive technology you use.