vGRID App Security
The vGRID App is the web or iOS app where users can view the CCTV or ANPR data shared with them by donors.
Police can only access the vGRID App from Police devices on the Police Enterprise network. All Police users are authenticated via Single Sign On and access is regularly audited.
Non-Police users (where relevant) are offered SSO for access; at a minimum, SMS-based MFA is required.
All organisations and users only have access to assets and types of access explicitly approved by the asset owner (donor).
User access leverages role-based access controls to ensure personnel are provided only the access required for their role.
vGRID’s user permission system has been carefully designed with compliance, flexibility and hierarchy in mind. Users can be placed in multiple groups, each capable of providing various levels of access to different visual data sources. These groups can form a hierarchy to ensure that the right users are seeing the right resources, and nothing else.
Permissions in vGRID support complete granularity, from a user having access to only a single camera, right up to a system administrator having access to all visual data sources and the ability to administer users and user groups, and everything in between. By default, all access is configured following the Principle of Least Privilege.
All administrative changes within the application (user permissions, camera configuration, etc.) are logged and auditable. This also applies to all standard user actions such as viewing cameras or logging in.
User actions performed in the system (opening, creating, updating, deleting records / comments) as well as video streaming sessions are all logged with associated information to tie this back to who performed the action, and when. This data is available to selected users in the admin panel of vGRID.
All data in transit between vGRID Core and the vGRID Web / iOS Apps are encrypted utilising HTTPS/TURNS.