iMAAP from TRL is the most widely used cloud solution for road crash data analysis, evaluation and road safety management system across the world. Designed for police forces, local authorities and highway authorities, iMAAP helps road safety professionals reduce the number and severity of crashes and casualties.
- The most widely adopted off-the-shelf road safety management solution globally
- Produced by UK’s Transport Research Laboratory (TRL) Road Safety Experts
- Identify problems based on in-depth analyses of crash data
- Establish measurable, realistic road safety goals based on identified problems
- Established track record of global implementations for improving road safety
- Flexible, user-configurable crash data forms compatible with CRASH/NICHE formats
- Supports multiple, map providers to render Geospatial(GIS) data
- Comprehensive, advanced road safety analysis capabilities based on road-safety research
- High-performance, secure web-application fully supported by roadsafety/software team.
- Responsive web application which works on all popular mobile devices/smartphones/tablets/browsers
- Identify problems based on in-depth analyses of crash data
- Establish safety goals to implement road safety countermeasures
- Assist with the formulation of strategy, target setting/performance monitoring
- Comprehensive spatial analysis and the identification of hazardous locations(blackspots/hotspots)
- Designed/developed by road safety experts based on roadsafety research.
- Helps clients to produce practical, real world, road safety benefits
- Links to iRAP and road asset management systems
- Provide stakeholders with reliable access to quality data/reporting
- Simple, web-based solution accessible to browsers and mobile devices
- Produce analysis, insights for economic benefits of remediation works
£10000 per instance per year
- Education pricing available
|Software add-on or extension||No|
|Cloud deployment model||Public cloud|
|Service constraints||IMAAP is subject to planned maintenance schedules administered by TRL which will be informed in at least one week in advance.|
|Email or online ticketing support||Email or online ticketing|
|Support response times||Emails can be send to the support team 24 hours a day, 7 days a week. Emails are responded to with within the first available core hour (Mon to Fri, 9am to 5.30pm) except on public holidays.|
|User can manage status and priority of support tickets||No|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||No|
|Onsite support||Yes, at extra cost|
All support queries are routed through the support team and are dealt with at the appropriate escalation levels starting with First Line Support > Support Team > Product Managers > Director Level staff.
Support related costs are included in the price regardless of which level the issues are being handled at.
Each client is assigned a project manager for the implementation stage, up until user acceptance testing is completed.
Thereafter, the project is assigned to the services support team.
|Support available to third parties||No|
Onboarding and offboarding
|Getting started||A combination of on-site and online training is provided for iMAAP onboarding. Training documentation is provided and a dynamic searchable user guide is available from within the application.|
|End-of-contract data extraction||At the end of the contract and including at any time during the contract, authorized users are able to export data in standard formats.|
|End-of-contract process||Users will be intimated through designated emails that their contract is coming to an end one month before the contract expiry date. Designated users will be advised to carry out an export and copy all data that has been generated during the contract. At the end of the contract date, all user logins will be deactivated. Costs may apply if the client requires data to be provided in unsupported formats.|
Using the service
|Web browser interface||Yes|
|Application to install||No|
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||User interface will be automatically optimized for mobile devices since iMAAP is a responsive web application. In some user interfaces, the amount of data displayed will be optimized for best viewing in mobile devices.|
|Accessibility standards||None or don’t know|
|Description of accessibility||N/A|
|Independence of resources||
IMAAP is hosted on Amazon Web Services (AWS). When there is a demand, when the application automatically scales with the auto-scaling features offered by AWS.
The scaling is determined based on CPU usage, memory usage, network throughput and other key parameters that could affect the application performance.
|Service usage metrics||Yes|
System usage, Browser usage, Feature Usage, date and time based usage, device type, device usage, user based metrics.
These are provided through Usage Statistics Module within iMAAP for authorized users.
|Supplier type||Not a reseller|
|Staff security clearance||Other security clearance|
|Government security clearance||Up to Baseline Personnel Security Standard (BPSS)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||United Kingdom|
|User control over data storage and processing locations||Yes|
|Datacentre security standards||Supplier-defined controls|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||Another external penetration testing organisation|
|Protecting data at rest||
|Other data at rest protection approach||IMAAP is hosted in AWS. AWS ensures the industry standard data at rest compliance for its services. Application data and assets are strongly encrypted and stored at any point of time.|
|Data sanitisation process||Yes|
|Data sanitisation type||Deleted data can’t be directly accessed|
|Equipment disposal approach||A third-party destruction service|
Data importing and exporting
|Data export approach||There is an export module in the iMAAP software which helps users to export data any time to CSV and standard formats.|
|Data export formats||
|Other data export formats||
|Data import formats||
|Other data import formats||Excel|
|Data protection between buyer and supplier networks||TLS (version 1.2 or above)|
|Data protection within supplier network||IPsec or TLS VPN gateway|
Availability and resilience
For scheduled maintenance, we shall inform the client at least 2 weeks in advance for a maintenance downtime of one hour.
The service is normally available 24x7. The service is intended to be available except during scheduled and unscheduled maintenance windows.
|Approach to resilience||Application is hosted in multiple AWS zones in the UK. Further information available on request.|
|Outage reporting||Email alerts|
Identity and authentication
|User authentication needed||Yes|
|User authentication||Username or password|
|Access restrictions in management interfaces and support channels||IMAAP follows a role-based authentication and authorization to manage its resources.|
|Access restriction testing frequency||At least every 6 months|
|Management access authentication||Username or password|
Audit information for users
|Access to user activity audit information||Users have access to real-time audit information|
|How long user audit data is stored for||User-defined|
|Access to supplier activity audit information||Users have access to real-time audit information|
|How long supplier audit data is stored for||User-defined|
|How long system logs are stored for||At least 12 months|
Standards and certifications
|ISO/IEC 27001 certification||Yes|
|Who accredited the ISO/IEC 27001||NQA Certification Limited, LU5 5ZX|
|ISO/IEC 27001 accreditation date||10/05/2018|
|What the ISO/IEC 27001 doesn’t cover||
No exclusions in the TRL statement of applicability.
Below are covered:
The provision of research, consultancy, expert advice, project management services and software development in connection with transport; the environment; sustainability; natural resources and waste management in accordance with the Statement of Applicability dated 18/05/2017
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||Yes|
|Any other security certifications||
|Named board-level person responsible for service security||Yes|
|Security governance certified||Yes|
|Security governance standards||ISO/IEC 27001|
|Information security policies and processes||
TRL is committed to maintaining and continually improving an Information Security Management System (ISMS) that satisfies applicable requirements and is certified to the international standard ISO/IEC 27001:2013.
The objectives of the ISMS policy are to establish and maintain the security and confidentiality of information systems, applications & networks owned or held by TRL within which:
· Members of staff are aware of their roles, responsibilities and accountability and fully comply with the relevant legislation;
· Information assets under the control are adequately protected against unauthorised access;
· Information assets and supporting business processes, systems and applications, will be protected by implementing appropriate controls to preserve their confidentiality, integrity and availability;
· Risks to information assets will be actively identified and assessed to identify controls that reduce risks to an acceptable level;
· Confidentiality of information is protected;
· Third parties with access to information assets under the control of TRL will be assessed to ensure they meet the necessary information security requirements;
· Business continuity plans are in place and will be tested periodically;
· Actual or suspected information security breaches are identified, analysed and investigated;
· Information security objectives are monitored and reviewed annually at the Management Review Meeting;
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||Configuration management of source and documents is done by Git processes. Change management process subscribes to ISO standards.|
|Vulnerability management type||Supplier-defined controls|
|Vulnerability management approach||Conduct regular vulnerability checks, penetration tests and audits. Patches are deployed as hot fixes as soon as possible as a response to any vulnerability detected.|
|Protective monitoring type||Supplier-defined controls|
|Protective monitoring approach||Provocatively observe for unusual network traffic using AWS tools. Constantly monitor audit logs and access logs for suspicious activities. Adequate measures as suggested by in-house security experts will be taken based on the nature of compromise. All incidents will be dealt immediately.|
|Incident management type||Supplier-defined controls|
|Incident management approach||
Predefined processes and procedures for InfoSec events and incidents.
The event or security incident is recorded, investigated and corrective / improvement actions are identified including the root cause.
Infosec incidents, events and weaknesses are reported via the helpdesk, in person to the IT, Compliance or the Senior Management team.
Any actual or suspected incident is promptly reported within 24 hours providing key details.
All incidents requires an in depth investigation to establish the facts and to determine what went wrong and how to prevent the issue reoccurring. An Internal Investigation Form is completed and issued to the CEO and FD.
|Approach to secure software development best practice||Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)|
Public sector networks
|Connection to public sector networks||No|
|Price||£10000 per instance per year|
|Discount for educational organisations||Yes|
|Free trial available||No|
|Pricing document||View uploaded document|
|Skills Framework for the Information Age rate card||View uploaded document|
|Service definition document||View uploaded document|
|Terms and conditions document||View uploaded document|