aql create LoRaWAN networks for the internet of things (IoT), supporting low-power, long-range and low-cost communications. LoRaWAN helps extend battery life significantly, so devices can last for up to 10 years and can be used in conjunction with many types of sensor.


  • Provision of LoRaWAN IoT Gateways
  • Managed IoT network infrastructure
  • Secure data routing from IoT nodes to the client's application


  • Energy efficient - battery powered devices can last for years
  • Collect data across large geographies
  • Very cost efficient versus other networking options
  • Each Gateway can support 1000s of nodes (use case dependant)


£1,800 to £2,200 a unit

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 12

Service ID

1 5 3 3 5 9 4 8 2 2 8 9 2 1 9


aql Sales
Telephone: 01133203040

Service scope

Service constraints
Wayleaves need to be in place to install our gateways, which are also subject to site surveys. Our solution includes the LoRaWAN network infrastructure, but customers will need to buy nodes separately.
System requirements
None - our network runs independently of customer systems.

User support

Email or online ticketing support
Email or online ticketing
Support response times
Depending on priority level, our response times vary from 30 minutes to 8 hours, between 8.30am - 5.30pm on working days. For weekends, bank holidays and out of hours, we only respond to high priority issues.
User can manage status and priority of support tickets
Online ticketing support accessibility
None or don’t know
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Onsite support
Yes, at extra cost
Support levels
We have a simple support model that includes standard SLA's for all customers. Customers contact our support team for resolution of issues.
Support available to third parties

Onboarding and offboarding

Getting started
We provide documentation and onsite training.
Service documentation
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
Users can make a request via our account management or support teams.
End-of-contract process
There are no additional costs associated with leaving a contract, though aql will continue to own the assets of the network, including the gateways.

Using the service

Web browser interface
Using the web interface
Our web-based portal enables users to manage nodes & configure data routing on a per application basis.
Web interface accessibility standard
None or don’t know
How the web interface is accessible
Our web interface is accessible through all modern web browsers.
Web interface accessibility testing
What users can and can't do using the API
Our API can be used to manage nodes and configure data routing.
API automation tools
API documentation
API documentation formats
  • HTML
  • PDF
Command line interface


Scaling available
Independence of resources
We employ a fair usage policy in our customer contracts and we also regularly review and monitor network capacity to ensure customer service levels are not impacted.
Usage notifications
Usage reporting


Infrastructure or application metrics


Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Supplier-defined controls
Penetration testing frequency
Protecting data at rest
Physical access control, complying with another standard
Data sanitisation process
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

Backup and recovery

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
Data protection within supplier network
Other protection within supplier network
We conduct regular intrusion detection monitoring and employ encryption in transit.

Availability and resilience

Guaranteed availability
We endeavour to provide at least 99.5% availability of our service.
Approach to resilience
Available on request.
Outage reporting
We provide service updates via an RSS feed, our portal, and email.

Identity and authentication

User authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
Access restrictions in management interfaces and support channels
We employ role based access control to ensure appropriate access for users.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
Devices users manage the service through
  • Dedicated device on a segregated network (providers own provision)
  • Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
ISO/IEC 27001 accreditation date
What the ISO/IEC 27001 doesn’t cover
Our ISO 270001 certification covers the security of our service.
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Who accredited the PCI DSS certification
PCI DSS accreditation date
What the PCI DSS doesn’t cover
The scope of our certification is compliant with the requirements of PCI DSS Version 3.2.
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
ISO/IEC 27001
Information security policies and processes
Aql have over 25 policies in relation to information security. Each is compliant to industry best practice and in accordance with ISO27001 requirements. The policies include, but are not limited to, Access Control, Asset Management, Risk Treatment, Incident Management, Data Protection, Data Retention, Secure Development, Heath & Safety, Remote Working, Acceptable Use, Mobile Device & BYOD and Information Classification. aql have 5 internal auditors who form part of a virtual audit team. The team are responsible for completing audits as per a pre-agreed schedule. The schedule includes a full audit of each policy at least annually. aql have a Regulatory Compliance Board made up of senior stakeholders across the business who meet monthly and discuss any regulatory matters. Any corrective actions are logged as Service Improvement Plans (SIPs) and managed through to completion via the internal SIP tool. The route cause of the SIP can be tracked back on the same tool and linked to the relevant incident or risk log.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
Our change management process complies with ISO 270001. Configuration changes are reviewed within the team before being approved for deployment. Code changes are reviewed by multiple teams.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
We follow an in-house process that complies with ISO 27001 that we conduct either ad-hoc on demand or once per year. We make attempts to patch systems monthly on systems that can be patched.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
We use an in-house hosted monitoring system based on triggers that have been defined in-house.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
We have a comprehensive incident management process compliant with ISO 270001. We do employ pre-defined processes for common events. Incidents can be reported via our portal or via email to a managed mailbox. We can provide incident reports on an ad-hoc basis as required.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart

Energy efficiency

Energy-efficient datacentres
Description of energy efficient datacentres
We implement compliant infrastructure and adhere to a continuous improvement methodology. However, because our datacentres are also used as a colocation service for business customers to use our datacentre space, we have limited control of what server specifications customers put in our datacentre.


£1,800 to £2,200 a unit
Discount for educational organisations
Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.