FISH Digital Forensics

FISH Cloud Forensic Evidence and Case Management Service

The service provides a common solution to collect, track and manage all forms of fully compliant digital and physical evidence through the forensics lifecycle, supporting accreditation and process efficiencies.
Reporting and evidence categorisation assist the easy collection of key management information to optimise back-office processing and further business efficiencies.

Features

  • Remote collection and transmission of evidence from crime scene investigations
  • The processing and analyses of physical evidence in treatment labs
  • The collection and processing of devices for digital forensic analyses
  • Use images for fingerprints analyses in the Identification Bureau
  • Provide image editing and printing services
  • Handles life-cycle task management of jobs across multiple departments
  • Ability to create fully auditable MG22/SFR reports and court presentations
  • Compliant with accreditation standards ISO-17020 and ISO-17025
  • Management and storage of imagery as primary evidence
  • Secure storage and management of images under MOPI rules

Benefits

  • Supports Force collaboration across the United Kingdom
  • Significant automation of the processing of evidence
  • Provides enhanced business continuity and capacity across multiple business areas
  • Improved access to and quality of management information
  • Fully auditable and compliant with accreditation standards ISO-17020 and ISO-17025
  • Cloud service means little impact on Forces ICT departments
  • Sharing of workloads means more effective processing
  • MG/Streamlined forensic reports and Court presentations significantly easier to create
  • Reduction of cracked cases
  • Irrefutable outcomes for early guilty pleas

Pricing

£29.00 to £81.00 a user a month

  • Education pricing available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at charles.james@fishtouch.co. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

864554151523241

Contact

FISH Digital Forensics Charles James
Telephone: 07836 363490
Email: charles.james@fishtouch.co

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
The underlying local crime or case management applications like Clue, Socrates, Niche and Pronto.
Asset management systems and image libraries like Fotoware.
Local Lab Management and analysis systems
National identification systems like IDENT1
Cloud deployment model
  • Private cloud
  • Hybrid cloud
Service constraints
FISH-DF uses by default, Amazon Web Services (AWS) on a PALZ platform. AWS are already a major cloud supplier to HM Government and police forces with no known constraints. In addition FISH-DF is deployed in numerous forces who have disparate ICT platforms, including virtual environments such as Citrix, with no known constraints or issues.
System requirements
  • Current generation Windows based laptops, desktop PCs and servers
  • Windows 7, Windows Server 2012 R2 or higher
  • Internet Explorer version 10 or higher
  • Epson scanners or those with TWAIN drivers
  • Optional media card reader
  • Optional printers require generic Windows drivers
  • Android version 5 or higher

User support

Email or online ticketing support
Email or online ticketing
Support response times
P1 (Blocker/ Critical) 1 working hour
P2 (Major) 1 working hour
P3 (Minor) 1.5 working hours
P4 No loss of service 2 working hours
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
WCAG 2.1 AAA
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
Four service levels:

P1-Blocker/Critical. Loss of service impacting all users such that they are unable to complete business function:
•Critical fault or failure of Licensed Software;
•Substantial damage/loss of Customer data;
•Severe performance degradation.

P2-Major. Loss of service impacting groups of users such that they are able to complete business function albeit with some loss of business efficiency:
•Failure of a major feature of Licensed Software;
•Damage to Customer data;
•Performance degradation.

P3-Minor. Loss of service impacting one user or function such that the customer can continue their business process with some loss of business efficiency:
•Minor failure of Licensed Software;
•Performance degradation

P4-No Loss of service, only cosmetic.

Level   Initial-Response   Initial-Analyses   Resolution
P1      1-Hour             5-Hours            1-Day
P2      1-Hour             1-Day              2/3-Days
P3      1.5-Hours          3-Hours            5-Days
P4      2-Hours            5-Hours            1-Month

*Time is working hours/days

•Escalation procedures

•Access to software updates, maintenance releases and patches;

•Access to 24x7 online support web site.

•Unlimited support requests: Available Monday-Friday, 08.30 to 20.30 UK time with exception of public holidays.

Support charges vary depending on the size of installation (part-cloud/part-on-site) and other factors around usage.

Our platform supplier (UKCloud) offers a full range of support options including a technical account manager and cloud support engineers.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
A site survey is recommended prior to a full quotation so that business requirements, connectivity and deployment issues can be identified and assessed. An example questionnaire is available on request which highlights any IT and operational considerations that need to be agreed prior to deployment. Building, configuring and on-boarding a new customer environment normally takes between 3 and 5 days.

Installation and configuration work packages are defined and documented prior to deployment.

Onsite training is available from a senior fingerprint examiner with long-term experience in the FISH product and service. Training is either to small groups of 5-10 people or to 'train the trainer'.

Online training is available by video conferencing.

Guidelines and user documentation are available for remote transmission and the job processing applications.
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
Images stored in the FISH online archive can be bulk exported. Each image will have a sidecar text file containing submission and audit / chain of custody information.

The API can be used to extract past job information.

FISH DF also offers the ability to destroy images as required or by automatically applying local or MOPI rules.
End-of-contract process
FISH DF uses the services of a world class expert on Fingerprint and Biometric services, who designed and built the UK's first shared service at EMSOU (East Midlands Scientific Operations Unit). In addition FISH DF has a user group, FUG, and holds regular workshops with its clients to ensure legislative changes such as ISO-17025 or innovative new functionality, such as the recent Remote Transmission Proof of Concept at the Yorkshires, are incorporated into the latest FISH DF versions. This "horizon scanning" ensures our clients are current and have shared benefits. However, as part of the end of contract planning we will offer options to extend the contract, for users to take the service in house, and for agreed shutting down support. Our expert consultant will work with the force to ensure the minimum disruption and to include advice and guidance on any transformation the new incoming software will need around business process change. This support has not been costed in to date, but in recognition of this question FISH DF will offer one day of end-of-life support at no charge. Any additional days would be costed at our current day rate in the SFIA price list.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
Application to install
Yes
Compatible operating systems
  • Android
  • Windows
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
FISH was requested by the Home Office Transforming Forensics team to build a remote transmission service with West Yorkshire police for mobile submissions of images as a Tier 1 service. This system provides two-way communications over the mobile network for guaranteed delivery. It is fully operational with over three million images processed to date.

The desktop service includes the same functions as the mobile service but is also used for image processing, identification and workflow, where high performance and large screens are recommended.
Service interface
Yes
User support accessibility
WCAG 2.1 AAA
Description of service interface
The service interface is used to manage:

Directory services for users, grouping, access permissions and workstation configurations.

Static configuration data such as evidence types.

Evidence, Workflow and Case Management service definitions.

System configurations such as communication protocols, export formats, hardware connections and interfaces with 3rd party systems such as email servers, active directory and force management systems.
Accessibility standards
WCAG 2.1 AAA
Accessibility testing
The mobile submission process and the workflow servers have been penetration tested at West Yorkshire Police
API
Yes
What users can and can't do using the API
There are two API interfaces: one for the submission of images and one for full lab management. The API is based on RESTful calls using the HTTPS protocol and commands in JSON format.

API calls fall into the following sections
User identification
Directory services
Submitting images
Case and exhibit management services
Workflow services
Alert and notification services
Equipment management services
Viewing and editing images
Viewing tracking and audit information
Viewing published reports
Managing static data

API calls are controlled through user group functionality and access permissions. Only authenticated, logged-in users can use API calls. For example, only a service manager can change access permissions for another user, and only a supervisor can delete images.

Calls are defined with options to create, update or delete data with defined fields as mandatory.

API calls cannot delete user or audit records.

Control of API calls can be customised by the FISH support team as required.
API documentation
Yes
API documentation formats
HTML
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
Buyers can customise many aspects of the system including standing data tables, workflows, case details, exhibit management processes, evidence types, directory services.

Reports and dashboards can be customised using an online editor.

Configuration schemas are used to customise:
Printing.
Scanning.
Burning CDs.
File import and export services.
AFIS feeds.

Scaling

Independence of resources
Prior to installation FISH DF will assess with the client potential workload peaks and agree the appropriate provisioning of the cloud platform. That service architecture, along with associated SLAs, will be designed in such a way that the underlying IT cloud infrastructure can be flexed to meet any operational demands, whether that is an increase or decrease of usage, with no degradation of service.

In order to guarantee that users are not affected by the demands from other users, we use resource reservations and shares such as internet bandwidth shaping.

Analytics

Service usage metrics
Yes
Metrics types
All aspects of the operational use of the FISH service can be generated. These include SLAs, audits and usage reports.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2019
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
No
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least every 6 months
Penetration testing approach
‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
Physical access control, complying with CSA CCM v3.0
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v3.0, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Four ways to manually export data:

By case or by selected image to a CD, folder, media card or 'MyDocuments'. Images can be converted to TIF, JPEG, JPEG2000, PNG, or BMP to defined size, resolution, depth and with custom naming convention.

By printing images as single prints or as an album.

By printing or exporting a case report.

Bulk export to a file server by an archive management tool.
Data export formats
  • CSV
  • Other
Other data export formats
  • Original image
  • Converted image formats such as jpeg, jpeg2000, tiff, png, bmp
  • Microsoft Word documents for forensic reports
Data import formats
  • CSV
  • Other
Other data import formats
  • Professional image formats TIF, JPEG, JPEG2000, NEF, RAW, PNG, BMP
  • PDF documents

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Bonded fibre optic connections
  • Other
Other protection between networks
We offer the choice of connecting:
• Via the internet using additional encryption such as TLS 1.2
• IPSec VPN tunnels
• Via private networks such as leased lines or MPLS
• Via public sector networks such as PSN, N3, Janet
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Other
Other protection within supplier network
UKCloud: We use dedicated CAS-T circuits between each of our sites to ensure the protection of customer data in-flight. We additionally encrypt this data within our Elevated OFFICIAL platform. All data flows are also subject to our protective monitoring service.

Availability and resilience

Guaranteed availability
Up to 99.99% availability assured by contractual commitment
Approach to resilience
Amazon Web Services on the PALZ platform (FISH DF's default cloud supplier) offers an SLA for customers for Service availability. Single-site service availability for a customer is 99.5%. Dual-site service availability for a customer is 99.99%.
All service elements within a single site are resilient and are redundant between sites catering for high availability services. Objects are automatically replicated across nodes to protect against hardware failure. The AWS PALZ service is deployed across a number of sites, regions and zones. Each zone is designed to eliminate single points of failure (such as power, network and hardware).

AWS on PALZ can provide a system design review and analysis with the customers if required. This is available on request and at additional charges, price on application.
Outage reporting
FISH DF reports any outage via email alert to customers.

AWS outages will be reported via the Service Status page and the notifications service within the AWS Portal.  Outages are identified as Planned maintenance, Emergency maintenance, and platform issues.  In addition, the designated Technical Account Manager will proactively contact FISH-DF as appropriate who will then contact customers.

Identity and authentication

User authentication needed
Yes
User authentication
  • Limited access network (for example PSN)
  • Username or password
Access restrictions in management interfaces and support channels
Access is restricted in management interfaces and support channels by using user and workstation group permissions. A set of groups is defined in conjunction with the customer; these are linked to system functionality and the ability to manage certain crime types, evidence types and viewing of reports. Users and workstations are added to or removed from a group by the customer service manager.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
Lloyds Register (LR)
ISO/IEC 27001 accreditation date
8th May 2012
What the ISO/IEC 27001 doesn’t cover
Nothing
ISO 28000:2007 certification
No
CSA STAR certification
Yes
CSA STAR accreditation date
28th October 2016
CSA STAR certification level
Level 1: CSA STAR Self-Assessment
What the CSA STAR doesn’t cover
Nothing
PCI certification
No
Cyber essentials
Yes
Cyber essentials plus
Yes
Other security certifications
Yes
Any other security certifications
  • ISO27018
  • Cyber Essentials
  • Cyber Essentials Plus
  • ISO9001
  • ISO20000
  • ISO27017
  • CISPE (Cloud-Infrastructure-Service Providers-in-Europe) Code of Conduct Certification

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
  • CSA CCM version 3.0
  • ISO/IEC 27001
  • Other
Other security governance standards
CSA STAR, ISO27001, ISO27017, ISO27018 and ISO20000
Information security policies and processes
The security of our platform is our number one priority. We have always been committed to adhering to exacting standards, frameworks and best practice. Everything we do is subject to regular independent validation by government accreditors, sector auditors and management system assessors. FISH DF are governed by our end clients in the UK police forces and adhere to their required (various) levels of clearance and standards especially when using remote access to upload or manage the FISH DF software.

Regarding hosting, AWS has a number of inter-connected governance frameworks in place which control both how the Company operates and the manner in which it delivers cloud services to its customers. These have been independently assessed and certified against ISO20000, ISO27001, ISO27017 and ISO27018 by LRQA, a UKAS accredited audit body. The Company is governed by an integrated suite of information security policies. Under the top level Information Security Policy itself are second-level documents with specific focus on Acceptable Use, Antivirus Protection, Asset Management, Business Continuity Management, Data Protection, Password Management, Personnel Management, Supply Chain Management and many others.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
FISH DF conform to ITIL best practice but are not currently accredited.

AWS has documented configuration and change management policies and processes, which have been implemented, maintained and assessed in accordance with the guidance from ITILv.3 and the current ISO20000 standard. Formal configuration management activities, including record management and asset reporting, are monitored and validated constantly, and any identified discrepancies promptly escalated for investigation. A robust, established process for the formal submission of change requests is mandated prior to review and approval of the daily Change Advisory Board, which is attended by a quorum of operational and technical management personnel.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
AWS has a documented vulnerability management policy and process, which have been implemented, maintained and assessed in accordance with the guidance from ITIL v.3 and the current ISO20000 and ISO27001 standards. Where technically possible, real-time updates and status reports are identified and sourced from credible vendor sources, which cover a significant proportion of AWS’s asset population. For other systems and software, assigned personnel have responsibility for regularly reviewing technical forums and specialist groups to promptly identify and evaluate any emerging patches or updates which require our attention.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Following best practice from the National Cyber Security Centre, AWS protects both its PALZ platforms with 24x7 enhanced protective monitoring services, vulnerability scanning and assessment.  Our approach to protective monitoring at minimum meets the Protective Monitoring Controls (PMC 1-12) outlined in NCSC document GPG13 (Protective Monitoring for HMG ICT Systems).  It includes checks against systems events (SIEM) and network traffic analysis, including time sources, cross-boundary traffic, suspicious activities at a boundary, network connections and status of backups.  Any alerts generated are logged and investigated 24x7.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Incident management has four processes based on the four priority levels P1-Blocker/Critical, P2-Major, P3-Minor and P4-RFC:

Initial response
Initial Analysis
Resolution
Escalation

The 'Escalation' procedure has three levels of response based on:
Help desk supervisor
Senior Manager
Head of IS

The user reports incidents using the 24/7 online FISH service desk or for P1 critical issues by telephone or by email to the FISH support desk.

Incident reports are provided through the 24/7 online FISH Service Desk

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
Yes
Connected networks
  • Public Services Network (PSN)
  • Police National Network (PNN)

Social Value

Fighting climate change

We are strong advocates of fighting climate change.

All product design, business and operational activities are influenced by how we can help towards net zero greenhouse gas emissions.

Policies are defined to minimise energy usage at data centres and in sustainable travel solutions such as maximising remote access to our customers' IT infrastructure and online training.

Policies for personal computing workstations, screens and devices consider the efficiency of new technologies versus the cost to the environment of replacing them.

We influence staff, suppliers, customers and communities to support environmental protection and improvement through passing on social value elements to contracts and by actively promoting the policies in our daily lives.
Covid-19 recovery

We recognise the devastation that Covid-19 has caused to humanity and that people need proportional protection against the virus, and we provide adequate time to recover from its effects.

Our focus is on creating products and services that help our community customers such as the Police with the COVID-19 recovery effort.

We try to support organisations and businesses to manage and recover from the impacts of COVID-19, including where new ways of working are needed to deliver services.

We support the physical and mental health of people affected by COVID-19, including reducing the demand on health and care services.

We support the COVID-19 recovery effort including effective social distancing, remote working, and sustainable travel solutions.
Tackling economic inequality

As a company we recognise the need to tackle economic inequality.

As an SME we are lifelong advocates of providing opportunities for entrepreneurship and to help new, small organisations to grow, supporting economic growth and business creation

Our focus is on supporting our community customers such as the Police with digital tools and services to help tackle economic inequality
Equal opportunity

Whenever possible, we include social value policies for equal opportunities within our contracted workforce and partners.

As part of due diligence with working with contracted workforces, partners and customers we have a policy to identify and manage the risks of modern slavery.
Wellbeing

As a software company we are lifelong advocates of supporting wellbeing.

We strongly encourage active exercising, balanced diet and daily nourishment, managing stress, not overworking and taking holidays.

We recognise that stress can be alleviated with better preparation, planning and constant review. We use the values in the Agile methodology for software development as a framework for managing our daily lives.

We support the health and wellbeing, including physical and mental health, in the contract workforce by including social value clauses in contracts and by actively communicating with the individuals.

We encourage the influencing of staff, suppliers, customers and communities to support health and wellbeing, including physical and mental health with regular communications and mentoring

Pricing

Price
£29.00 to £81.00 a user a month
Discount for educational organisations
Yes
Free trial available
No
