Direct Path Solutions Ltd

OWL Metro

OWL is a twice Government award-winning neighbourhood alerting system used by Police and CSPs to engage with communities. It’s used to reduce crime, fear of crime and maximise potential of Neighbourhood Watch, Business Watch, Rural Watch, general community messaging and other schemes across society.


  • Send alerts via Email, Push Notification, Mobile app, SMS, Web
  • Mobile app: instant notifications, share alerts via social media
  • Contact & Neighbourhood Watch management, business, specialist groups, KINs, etc
  • Target messages precisely to streets, groups, wards, boroughs, or county
  • Rock solid reliability; resilience, redundancy, auto backup every 30 mins
  • Detailed management reports of contacts, senders, messages, delivery, etc
  • Access securely from desktops or mobile devices anywhere
  • Contacts can log in and update own details & preferences
  • Rich or simple hierarchies. Live mapping of contacts & CCTV
  • Friendly interface, easy to use, flexible. 1000's of happy users


  • Helps prevent fraud and reduce & solve crime
  • Makes public feel a lot safer (according to extensive surveys)
  • Rapidly send alerts or appeals to 100'000s or smaller groups
  • Empowers volunteers
  • Enhances community engagement
  • Increases public confidence in police
  • Multi-agency use under a single licence
  • Proven results in both urban and rural communities
  • Also engage with vulnerable groups who aren't online
  • Popular, memorable branding, very high levels of registration


£3,800 to £4,799 a licence a year

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 13

Service ID

9 0 7 4 3 2 9 1 7 9 8 5 9 6 9


Direct Path Solutions Ltd Gary Fenton
Telephone: 01438 812873

Service scope

Software add-on or extension
Cloud deployment model
Hybrid cloud
Service constraints
System requirements
Any desktop or mobile device with Internet access

User support

Email or online ticketing support
Email or online ticketing
Support response times
Our target is to respond to emails within 3 hours during office hours. Weekend support is an upgradable option, as is extended and 24 hours support.
User can manage status and priority of support tickets
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Onsite support
Yes, at extra cost
Support levels
Standard support hours are 9:30am to 5:30pm, Mon-Fri. Emergencies and critical incidents can be reported 24x7. A SLA is provided as standard with all contracts.
Support available to third parties

Onboarding and offboarding

Getting started
We provide consultation as part of the service to discuss how you can best get started in terms of organising users, contacts, groups and watches, also with regards to marketing the service to the public. An on-site or remote training session is included. Documentation and how-to guides are also available.
Service documentation
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
An export function is provided to download contact data as a CSV file. Or this data can be requested via support.
End-of-contract process
The customer can export their own data and we will delete it from the system once the contract period has expired if the customer is not going to renew. There is no extra cost for the customer downloading their own data or requesting it's done for them.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
All functions of the desktop service are available on mobile devices.
Service interface
User support accessibility
WCAG 2.1 A
Description of service interface
All functions of the service are available via a standard web browser including contact management, message sending, search and reports.
Accessibility standards
WCAG 2.1 A
Accessibility testing
Testing was done with screen readers, browsers set to high contrast mode, with CSS removed, with user's own CSS, fonts and colours applied, and other modes and adjustments utilised by the visually impaired. The service has not been formally certified to WCAG but we have worked in accordance to their guidelines.
Customisation available
Description of customisation
We can customise branding, colour scheme, domain name, and home page. However, this is not included as part of the standard service and an additional fee will apply. Your logo is included as part of the standard service.


Independence of resources
Dedicated infrastructure exclusively for the use of the OWL service and its users. High specification, capacity and I/O. Ability to scale if approaching capacity. Demand is constantly monitored and reviewed periodically.


Service usage metrics
Metrics types
Self-service reports include: Number of contacts, addresses, watches/groups, messages published, emails/SMS/calls sent. By borough, ward or area or by scheme. Number of users who have sent messages within a time period, any additional cost associated (e.g. SMS/phone). Emails/SMS/calls that have failed. Other stats are available. Please ask if you have a specific requirement.
Reporting types
Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2019
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
Less than once a year
Penetration testing approach
‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Other
Other data at rest protection approach
Multiple physical barriers, electronic door locks, man-traps, biometric & card readers, 24x7 security guards, CCTV, locked cabinets, very strict access policy,
Data sanitisation process
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
From the administration menu there is an Export option to download a CSV file.
Data export formats
Data import formats
Other data import formats
CSV or Excel file via CJSM or other secure means

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Other
Other protection within supplier network
Access limited to police vetted administrators. The level of access granted is based on what the user is required to access in order to perform their job. No access beyond that is given.

Availability and resilience

Guaranteed availability
Monitored 24x7 by a 3rd party, our service availability achieved 99.99% uptime during 2021. Typically we achieve 99.96%. Our SLA is based on a guarantee of responding and resolving issues within a specific timeframe according to the level of severity. If we fail to meet these assurances and the customer wishes to terminate the contract we will refund any remaining period of the contract, less our initial setup costs.
Approach to resilience
The datacentre has multiple redundant power and Internet connections. Our servers each take 2 diverse power feeds and 2 diverse network feeds. The datacentre also has 2 separate UPS rooms at each end of the building and multiple diesel generators. Further details are available by request for security reasons.
Outage reporting
Customers are notified of planned outages by email and at login, while unplanned outages are posted on the website if possible.

Identity and authentication

User authentication needed
User authentication
  • Username or password
  • Other
Other user authentication
Additional security requirement (confidential)
Access restrictions in management interfaces and support channels
Only users granted with appropriate levels of permission may access the management interface. The highest levels of access (for infrastructure admin) are additionally restricted by authorised network points only.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
Between 1 month and 6 months

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
ISO/IEC 27001 accreditation date
What the ISO/IEC 27001 doesn’t cover
Proprietary software
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Cyber essentials
Cyber essentials plus
Other security certifications
Any other security certifications
  • Secured by Design (National Police Approval)
  • Cyber Essentials
  • Trusted Site

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards
Cyber Essentials
Information security policies and processes
Security policies as endorsed by Cyber Essentials accreditation on top of our own policies and processes. ISec policy available on request.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
In brief, all components and their configurations are documented and updated throughout their lifecycle. Changes are planned in advanced with a security risk assessment and signed off at director level. The changes are applied to the test platform which is monitored to assess the impact. With a successful outcome authorisation is given to apply the changes to the production platform providing a plan has been provided for rollback.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Our security partners are a key part of our process in keeping threat detection and protection up to date on a daily basis. Some components are updated daily where others are done to our partner's or supplier's recommended schedule. When we are alerted to a new threat it is assessed as a priority based on information provided by our security partners and actual tests if available.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
We have real-time monitoring of threats, unusual activity, and component failure which alert us to investigate immediately. Details are confidential but we can disclose to our Govt customers on request.
Incident management type
Supplier-defined controls
Incident management approach
Customers must report incidents they are aware of directly to us so we can implement processes to assess and remedy it. If we are aware of an incident that may impact the service for the customer we will inform them promptly by email or phone depending on severity. Customers are kept informed if the situation changes and when it's resolved.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks

Social Value

Fighting climate change

Fighting climate change

We support and encourage working from home and the use of online meetings to avoid unnecessary travel.
All of our own physical servers are kept to a minimum through virtualisation.
Covid-19 recovery

Covid-19 recovery

We kept our staff in full employment during and post Covid (without claiming for furlough) and continue to support working from home.
Equal opportunity

Equal opportunity

We fully support equal opportunities in line with all legal requirements. Details available in our company policy document on request.


£3,800 to £4,799 a licence a year
Discount for educational organisations
Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.