Idox Software Limited

Argonaut - Alerts

For Subscribed Users - travel alerts allow these users to be automatically notified when a change in the user’s defined route occurs. Users may then register for SMS and email alerts and may define the time periods for when they would like to be alerted.

Features

  • Email, SMS, Social Media alerts
  • Notifications
  • Automatic

Benefits

  • Traffic management
  • Control notification
  • Solutions action
  • Congestion action
  • Traffic calming measures

Pricing

£10,000 a unit

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at frameworks@idoxgroup.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

1 1 2 3 6 4 1 1 6 6 3 2 1 5 0

Contact

Idox Software Limited Lucy Holland
Telephone: 0333 011 1200
Email: frameworks@idoxgroup.com

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
Argonaut
Cloud deployment model
Private cloud
Service constraints
None.
System requirements
  • Must be UTMC compliant
  • Alternatively, must have a published protocol available for integration

User support

Email or online ticketing support
Email or online ticketing
Support response times
1 working day
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
Use of product support email, helpdesk portal, ongoing training, office hours only. Critical fault 8 hours response and 4 hours fix. User hand book updates are provided.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
We deliver focussed training (based on the outcome of a training needs analysis that identifies different user types and abilities);

Training sessions can be delivered onsite or remotely if required;
All documentation given and training material is available online.
Service documentation
Yes
Documentation formats
  • PDF
  • Other
Other documentation formats
Microsoft Word
End-of-contract data extraction
Copy of database, Excel and reports.
End-of-contract process
System de-commissioned. Data is archived and exported if required.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Chrome
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
None.
Service interface
Yes
Description of service interface
This is a web service API exposed for UTMC objects. We also support DatexII whichi is a standard protocol for UTMC systems.
Accessibility standards
WCAG 2.1 AA or EN 301 549
Accessibility testing
None or don't know.
API
Yes
What users can and can't do using the API
Full access to all data inputs and outputs.
API documentation
Yes
API documentation formats
PDF
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
Bespoke messages, groups and names. Full user and roles capabilities with multi tenanted environment.

Scaling

Independence of resources
24/7/365 monitoring of services by dedicated team. Use of scalable virtualised hardware.

Analytics

Service usage metrics
Yes
Metrics types
Logging, historical reports, live status information.
Reporting types
Real-time dashboards

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
No
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
Physical access control, complying with CSA CCM v3.0
Data sanitisation process
Yes
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
By XML, CSV or XLS format.
Data export formats
CSV
Data import formats
  • ODF
  • Other

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Other
Other protection between networks
VPN, SSL, SSH
Data protection within supplier network
Other
Other protection within supplier network
Data is protected within our network by private WAN service, also IPSec and VPN.

Availability and resilience

Guaranteed availability
99.80%
Approach to resilience
Top tier network provider, SaaS architecture designed with resilience in mind. More details on request.
Outage reporting
Yes through live alerts and historical reports.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels
Through users and roles.
Access restriction testing frequency
At least every 6 months
Management access authentication
Public key authentication (including by TLS client certificate)

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
QMS International Ltd
ISO/IEC 27001 accreditation date
18/12/2019
What the ISO/IEC 27001 doesn’t cover
Not applicable.
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
Idox Software Ltd has an ISO27001 certified Information Security Management System that covers all business functions including but not limited to, information systems, networks, physical environment, incident/threat management, project and contract management, and personnel management.
Information security awareness training is conducted to ensure policies are communicated and ongoing annual internal reviews and auditing is conducted to ensure processes are followed.
The system and controls are also externally verified an certified annually as part of the ISO 27001 certification process.
Risks raised through internal and external audits are reviewed at management meetings by the Information Security Manager, the appropriate head of business and a board representative.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
Requested changes are tested where possible, evaluated for operational and security impact, and agreed before being pushed to production. All changes are logged.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
We monitor OWASP and other sources for new software vulnerabilities and vulnerability reports, and software patches. A combination of web application scanning and host vulnerability scanning proactively identifies any design, configuration or vendor patching weaknesses. When identified, any threats are assessed in context and where warranted, fixes are implemented in accordance with their severity. These controls and processes a re monitored as part of our ongoing ISMS/ISO27001 auditing process.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Monitoring tools are used to measure server performance metrics as well as storage and network/bandwidth utilisation. Any potential compromise is raised in line with our security incident reporting procedure.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Security incident reporting process summary: incidents or suspected incidents are raised to internal service desk and reviewed by the Information Security Manager. They are allocated a risk reference, entered into the information security risk log and tracked until closure. In the case of major incidents a major incident report will be produced.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
Yes
Connected networks
Public Services Network (PSN)

Pricing

Price
£10,000 a unit
Discount for educational organisations
No
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at frameworks@idoxgroup.com. Tell them what format you need. It will help if you say what assistive technology you use.