Emu Analytics Ltd


Spatial and temporal data ingestion, analysis and visualisation software for Smart Cities, Transport, Energy systems & IOT sensors and networks


  • Real time actionable insights
  • Location based intelligence with map driven UI
  • Unique Hyper-Performance at scale
  • Zero client side install - Browser only requirement
  • Highly engaging User Interface design
  • Enterprise Grade
  • Data Privacy and GDPR compliance
  • Streaming Data Analytics Engine
  • Massively flexible data integration capabilities
  • Unique and Innovative data sharing and data democratisation capabilites


  • Insights delivered at "right time" speed for maximum business impact
  • Supports multi-variate user base with differing requirements
  • Intuitive platform with minimal training requirements
  • Highly engaging and innovative interface to all users
  • Support for private and public access
  • SaaS that removes the need for internal platform management
  • Rapid speed of delivery - days and weeks not months
  • Share insights and reports easily and securely
  • Value driven performance, scalability and flexibility
  • Web Browser interface delivering stunning 2D and 3D Visuals


£67500 per instance per year

Service documents


G-Cloud 11

Service ID

1 3 7 0 9 6 4 4 9 0 8 6 8 4 8


Emu Analytics Ltd

Richard Vilton



Service scope

Service scope
Software add-on or extension No
Cloud deployment model
  • Public cloud
  • Private cloud
Service constraints Currently the service is available on AWS. Other cloud platforms are expected to be supported later in the year
System requirements Upto date Web Browser

User support

User support
Email or online ticketing support Email or online ticketing
Support response times UK working day 9-5 support only.
Emails will be responded to within 2 hours within these times
User can manage status and priority of support tickets No
Phone support No
Web chat support No
Onsite support Yes, at extra cost
Support levels The final maintenance and support SLA’s levels will be defined and offered based on requirements and related commercial viability of specific SLA levels. This would be part of an agreed Statement of Work (SoW) undertaken with the customer to ensure that the level of support they require for their Flo.w application is aligned to their business priorities and budget.
An account manager contact is provided to each customer.
Support available to third parties No

Onboarding and offboarding

Onboarding and offboarding
Getting started The interface is specifically designed to be intuitive, interactive and usable by personnel that do not require deep technical data science training to realise value from the data.

Training and QuickStart sessions are available for Flo.w applications and are agreed as part of a Statement of Work (SoW).
Flo.w applications have relevant on-line help and documentation built in. Specific user documentation can also be produced as part of a SoW.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
  • Other
Other documentation formats Customer Specified
End-of-contract data extraction Data would be destroyed at the end of the contract with the termination of the cloud based instance. Data is not currently extractable from the solution in a reusable format, as it is aggregated and transformed on ingestion to facilitate the functional requirements of the solution.
Should an exceptional case for extraction and partial reverse transformation be required, then the supplier would consider undertaking this as a one-time professional services offering, although the effort and cost would be determined by the nature and volume of the data already consumed by the solution
End-of-contract process At the end of the contract, assuming there is no intent for the solution to be extended, the cloud instance would be shutdown and all related cloud-based assets (data, user accounts etc) destroyed. There would be no further overhead for termination unless bespoke processes were additionally required by the customer.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices No
Service interface No
Customisation available Yes
Description of customisation Customer specifications are catered for within the Statement of Work (SoW) which defines how the Flo.w application is to be built and configured.
End Users of a Flo.w application can customise the visual display through different selections and choices within the application.


Independence of resources Customer environments are logically segregated to prevent users and customers from accessing resources not assigned to them.

Services which provide virtualized operational environments to customers (i.e. EC2) ensure that customers are segregated via security management processes/controls at the network and hypervisor level.

Service usage is monitored to project infrastructure needs to support availability commitments/requirements. Capacity planning is performed to assess current infrastructure usage and demands. The underlying cloud (AWS) architecture and containerisation of Flo.w supports the planning for future demands to acquire and provision additional resources based upon current resources and forecasted requirements.


Service usage metrics No


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Staff screening not performed
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations No
Datacentre security standards Supplier-defined controls
Penetration testing frequency At least every 6 months
Penetration testing approach In-house
Protecting data at rest
  • Physical access control, complying with another standard
  • Scale, obfuscating techniques, or data storage sharding
  • Other
Other data at rest protection approach Flo.w is provisioned on AWS which adheres to independently validated privacy, data protection, security protections and control processes.
AWS is responsible for the security of the cloud.
End user Access to the Flo.w applications is only ever via secure HTTPS url login. There is no access to any data not presented within the application.
Access to the Flo.w management plane is securely managed through a combination of access keys, VPNs and 2 factor authentication. Where applicable data may also be encrypted within at-rest storage.
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach In-house destruction process

Data importing and exporting

Data importing and exporting
Data export approach Data may be downloaded in standards formats such as CSV or within report formats such as PDF. Applications may also optionally, have the ability to share a "see what I see" URL link.
Data export formats
  • CSV
  • Other
Other data export formats PDF
Data import formats Other
Other data import formats Any open data format can be provisioned into Flo.w

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Bonded fibre optic connections
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
  • Other
Other protection within supplier network Customer environments are logically segregated to prevent users and customers from accessing resources not assigned to them. Flo.w's cloud architecture (AWS) enables content by design that allows for the most appropriate secure data transit based on start and end point.
This includes TLS/SSL, and/or IPsec or TLS VPN (if applicable), or other means of protection if required.
API calls can be encrypted with TLS/SSL to maintain confidentiality. AWS Console connection is encrypted with TLS.

Availability and resilience

Availability and resilience
Guaranteed availability Flo.w is provisioned on AWS Cloud provides the following SLA's:
• Amazon EC2 SLA: http://aws.amazon.com/ec2-sla/
• Amazon S3 SLA: http://aws.amazon.com/s3-sla
• Amazon CloudFront SLA: http://aws.amazon.com/cloudfront/sla/
• Amazon Route 53 SLA: http://aws.amazon.com/route53/sla/
• Amazon RDS SLA: http://aws.amazon.com/rds-sla/
• AWS Shield Advanced SLA: https://aws.amazon.com/shield/sla/

Any Flo.w application SLA’s levels will be defined and offered based on requirements and related commercial viability of specific SLA levels. This would be part of an agreed Statement of Work (SoW) undertaken with the customer to ensure that the level of support they require for their Flo.w application is aligned to their business priorities and budget.
Approach to resilience The Flo.w service is provisioned on AWS Cloud.
The AWS Business Continuity plan details the process that AWS follows in the case of an outage, from detection to deactivation. AWS has developed a three-phased approach: Activation and Notification Phase, Recovery Phase, and Reconstitution Phase. This approach ensures that AWS performs system recovery and reconstitution efforts in a methodical sequence, maximising the effectiveness of the recovery and reconstitution efforts and minimizing system outage time due to errors and omissions.

AWS maintains a ubiquitous security control environment across all regions. Each data centre is built to physical, environmental, and security standards in an active-active configuration, employing an n+1 redundancy model, ensuring system availability in the event of component failure. Components (N) have at least one independent backup component. All data centres are online and serving traffic. In case of failure, there is sufficient capacity to enable traffic to be load-balanced to the remaining sites.

All Flo.w application code and data is backed up with agreed client retention dates. Requirements such as replication and hot-failover are agreed as part of a Statement of Work (SoW) with customers. This ensures that Flo.w applications are provisioned to meet and optimise both functionality and budget requirements.
Outage reporting Service outages are reported to the customer via email and/or via direct telephone contact to the customer SPOC (Single Point of Contact) by the Account Manager.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels Flo.w is provisioned on AWS which provides IAM for access management. IAM is used to define user access control to all services, APIs and specific resources. Other controls include time, originating IP address, SSL use, and authentication via MFA devices.

API calls to launch/terminate instances, change firewalls, and perform other functions are signed by customers’ Amazon Secret Access Key (either the root AWS Account’s Secret Access Key or the Secret Access key of a user created with AWS IAM).

Only approved Emu personnel are granted access to management interfaces.
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for Between 1 month and 6 months
How long system logs are stored for Between 1 month and 6 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach Emu Analytics has an internal security policy that defines the current approach to security governance. The company has been audited by global enterprise security teams previously and has passed with it's current security policy that covers:

Access Control Policy,
Antivirus Software for laptops,
Document Confidentiality Classification,
File lists,
GDPR Guide & Resources,
Incident Reporting,
Information Asset Classification And Handling,
Information Security Policy Statement,
Management of Client Data,
Office & Workplace Security Policy,
Risk Register,
SSL Certification,
User Accounts and Password Policies

The company is embarking on a programme to achieve formal ISO27001 certification.
Information security policies and processes The Emu Analytics security policy and procedures are available to all staff on the internal company intranet.

All existing staff are familiar with these policies and the policies are part of any new employee induction.

Emu Analytics follow a structured agile delivery methodology which ensures all projects have daily scrum delivery sessions where policy adherence is both enforced and reviewed.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach All software components are version controlled in a Professional and Secure Configuration Management System (BitBucket).
Access and privileges within the repository is strictly managed.
Any third part components and code are virus and malicious code checked.
Company written code is peer reviewed.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Flo.w is provisioned on AWS Cloud Infrastructure. AWS Security performs vulnerability scans on the host operating system, web applications, and databases in the AWS environment. Approved 3rd party vendors conduct external assessments (minimum frequency: quarterly). Identified vulnerabilities are monitored and evaluated. Countermeasures are designed and implemented to neutralise known/newly identified vulnerabilities.

Potential threats are tracked via https://aws.amazon.com/security/security-bulletins/
Security patches against all services are deployed inline with the recommended urgency and security guidance.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Flo.w is provisioned on AWS and utilises the supported monitoring processes. AWS deploys (pan-environmental) monitoring devices to collect information on unauthorized intrusion attempts, usage abuse, and network/application bandwidth usage. Devices monitor:

• Port scanning attacks
• Usage (CPU, processes, disk utilization, swap rates, software-error generated losses)
• Application metrics
• Unauthorized connection attempts

Near real-time alerts flag potential compromise incidents, based on AWS Service/Security Team- set thresholds.
Incidents are responded to as
All incidents are assigned an owner and logged and tracked within the Incident Report.
Incident management type Supplier-defined controls
Incident management approach All incidents are assigned an owner and logged into the internal incident management log which contains:
Date, Description, Severity, Status, Affected Infrastructure, Affected Personnel, Affected Services, Reported by, Incident Owner, Links and Attachment.
Customers can report incidents by emailing Emu Support or by calling their Account Manager directly.
Emu Analytics will always endeavour to resolve problems as swiftly as possible. It recognises that a client’s systems are key to its business and that any downtime may be business affecting. Updates on service affecting issues are communicated to customers via email or by a direct phone call to the customer SPOC

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks No


Price £67500 per instance per year
Discount for educational organisations No
Free trial available No

Service documents

Return to top ↑