Direct Path Solutions Ltd

OWL Metro

OWL is a twice Government award-winning neighbourhood alerting system used by Police and CSPs to engage with communities. It’s used to reduce crime, fear of crime and maximise potential of Neighbourhood Watch, Business Watch, Rural Watch, general community messaging and other schemes across society.

Features

• Send alerts via Email, Push Notification, Mobile app, SMS, Web
• Mobile app: instant notifications, share alerts via social media
• Contact & Neighbourhood Watch management, business, specialist groups, KINs, etc
• Target messages precisely to streets, groups, wards, boroughs, or county
• Rock solid reliability; resilience, redundancy, auto backup every 30 mins
• Detailed management reports of contacts, senders, messages, delivery, etc
• Access securely from desktops or mobile devices anywhere
• Contacts can log in and update own details & preferences
• Rich or simple hierarchies. Live mapping of contacts & CCTV
• Friendly interface, easy to use, flexible. 1000's of happy users

Benefits

• Helps prevent fraud and reduce & solve crime
• Makes public feel a lot safer (according to extensive surveys)
• Rapidly send alerts or appeals to 100'000s or smaller groups
• Empowers volunteers
• Enhances community engagement
• Increases public confidence in police
• Multi-agency use under a single licence
• Proven results in both urban and rural communities
• Also engage with vulnerable groups who aren't online
• Popular, memorable branding, very high levels of registration

£3,800 to £4,799 a licence a year

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at gcloud@directpath.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

907432917985969

Contact

Gary Fenton
01438 812873
gcloud@directpath.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model: Hybrid cloud
• Service constraints: No
• System requirements: Any desktop or mobile device with Internet access

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Our target is to respond to emails within 3 hours during office hours. Weekend support is an upgradable option, as is extended and 24 hours support.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Standard support hours are 9:30am to 5:30pm, Mon-Fri. Emergencies and critical incidents can be reported 24x7. A SLA is provided as standard with all contracts.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: We provide consultation as part of the service to discuss how you can best get started in terms of organising users, contacts, groups and watches, also with regards to marketing the service to the public. An on-site or remote training session is included. Documentation and how-to guides are also available.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: An export function is provided to download contact data as a CSV file. Or this data can be requested via support.
• End-of-contract process: The customer can export their own data and we will delete it from the system once the contract period has expired if the customer is not going to renew. There is no extra cost for the customer downloading their own data or requesting it's done for them.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: All functions of the desktop service are available on mobile devices.
• Service interface: Yes
• User support accessibility: WCAG 2.1 A
• Description of service interface: All functions of the service are available via a standard web browser including contact management, message sending, search and reports.
• Accessibility standards: WCAG 2.1 A
• Accessibility testing: Testing was done with screen readers, browsers set to high contrast mode, with CSS removed, with user's own CSS, fonts and colours applied, and other modes and adjustments utilised by the visually impaired. The service has not been formally certified to WCAG but we have worked in accordance to their guidelines.
• API: No
• Customisation available: Yes
• Description of customisation: We can customise branding, colour scheme, domain name, and home page. However, this is not included as part of the standard service and an additional fee will apply. Your logo is included as part of the standard service.

Scaling

• Independence of resources: Dedicated infrastructure exclusively for the use of the OWL service and its users. High specification, capacity and I/O. Ability to scale if approaching capacity. Demand is constantly monitored and reviewed periodically.

Analytics

• Service usage metrics: Yes
• Metrics types: Self-service reports include: Number of contacts, addresses, watches/groups, messages published, emails/SMS/calls sent. By borough, ward or area or by scheme. Number of users who have sent messages within a time period, any additional cost associated (e.g. SMS/phone). Emails/SMS/calls that have failed. Other stats are available. Please ask if you have a specific requirement.
• Reporting types: Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: Less than once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest:
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Other
• Other data at rest protection approach: Multiple physical barriers, electronic door locks, man-traps, biometric & card readers, 24x7 security guards, CCTV, locked cabinets, very strict access policy,
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: From the administration menu there is an Export option to download a CSV file.
• Data export formats: CSV
• Data import formats: Other
• Other data import formats: CSV or Excel file via CJSM or other secure means

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Other
• Other protection within supplier network: Access limited to police vetted administrators. The level of access granted is based on what the user is required to access in order to perform their job. No access beyond that is given.

Availability and resilience

• Guaranteed availability: Monitored 24x7 by a 3rd party, our service availability achieved 99.99% uptime during 2021. Typically we achieve 99.96%. Our SLA is based on a guarantee of responding and resolving issues within a specific timeframe according to the level of severity. If we fail to meet these assurances and the customer wishes to terminate the contract we will refund any remaining period of the contract, less our initial setup costs.
• Approach to resilience: The datacentre has multiple redundant power and Internet connections. Our servers each take 2 diverse power feeds and 2 diverse network feeds. The datacentre also has 2 separate UPS rooms at each end of the building and multiple diesel generators. Further details are available by request for security reasons.
• Outage reporting: Customers are notified of planned outages by email and at login, while unplanned outages are posted on the website if possible.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • Username or password
  • Other
• Other user authentication: Additional security requirement (confidential)
• Access restrictions in management interfaces and support channels: Only users granted with appropriate levels of permission may access the management interface. The highest levels of access (for infrastructure admin) are additionally restricted by authorised network points only.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Alcumus
• ISO/IEC 27001 accreditation date: 25/3/2021
• What the ISO/IEC 27001 doesn’t cover: Proprietary software
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications:
  • Secured by Design (National Police Approval)
  • Cyber Essentials
  • CESG CHECK
  • Trusted Site

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: Cyber Essentials
• Information security policies and processes: Security policies as endorsed by Cyber Essentials accreditation on top of our own policies and processes. ISec policy available on request.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: In brief, all components and their configurations are documented and updated throughout their lifecycle. Changes are planned in advanced with a security risk assessment and signed off at director level. The changes are applied to the test platform which is monitored to assess the impact. With a successful outcome authorisation is given to apply the changes to the production platform providing a plan has been provided for rollback.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Our security partners are a key part of our process in keeping threat detection and protection up to date on a daily basis. Some components are updated daily where others are done to our partner's or supplier's recommended schedule. When we are alerted to a new threat it is assessed as a priority based on information provided by our security partners and actual tests if available.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We have real-time monitoring of threats, unusual activity, and component failure which alert us to investigate immediately. Details are confidential but we can disclose to our Govt customers on request.
• Incident management type: Supplier-defined controls
• Incident management approach: Customers must report incidents they are aware of directly to us so we can implement processes to assess and remedy it. If we are aware of an incident that may impact the service for the customer we will inform them promptly by email or phone depending on severity. Customers are kept informed if the situation changes and when it's resolved.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  We support and encourage working from home and the use of online meetings to avoid unnecessary travel.; All of our own physical servers are kept to a minimum through virtualisation.
• Covid-19 recovery:

  Covid-19 recovery

  We kept our staff in full employment during and post Covid (without claiming for furlough) and continue to support working from home.
• Equal opportunity:

  Equal opportunity

  We fully support equal opportunities in line with all legal requirements. Details available in our company policy document on request.

Pricing

• Price: £3,800 to £4,799 a licence a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at gcloud@directpath.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.