Capita Business Services Limited

Internet of Things

Capita offers an Enterprise IoT platform that manages an entire IoT network from devices through to applications. IoT applications visualise and analyse data generated by IoT sensors by use case, entity, division or department, providing meaningful deep insight into assets and service operations to enable data informed decisions.


  • Single platform for IoT connectivity, management and applications
  • IoT network is carrier grade
  • Uses the LoRaWAN protocol
  • Spectrum is EU 868Mhz
  • Supported by industry recognised partner eco-system
  • Can use both hard wired and mobile connectivity
  • Can operate indoor and outdoor
  • Over 100 ready to deploy use case and applications
  • Easy to deploy, manage and scale
  • Can be shared, private, self managed or managed


  • Safety, monitor and manage hazardous environments
  • Society, monitoring for health and social care
  • Environment, pollution levels, air quality flooding alerts
  • Innovation, use data to deliver new product and services
  • Intelligence, data driven better decisions for organisations and society
  • Compliance, more effective monitor and reporting on compliance requirements
  • Cost savings from productivity enhancements leads to lower cost services
  • Productivity, automated data collection eliminates human errors
  • Efficiency, better use of time speeds up processes
  • IoT collects data, provides insight, discovers patterns and challenges assumptions


£1.00 to £2.00 a device a month

  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 12

Service ID

1 5 4 2 5 2 5 7 2 5 6 8 4 4 5


Capita Business Services Limited Capita Business Services Ltd
Telephone: 08702407341

Service scope

Software add-on or extension
Cloud deployment model
  • Private cloud
  • Community cloud
Service constraints
IoT uses radio and wireless technologies, therefore signal range is subject to surrounding environment and terrain. Sensor battery life is subject to its messaging profile. Battery life varies from sensor to sensor device type typically between 2-10 years.
System requirements
  • Sensors to network connectivity uses gateways or access point hardware
  • IoT network subject to setup, application license and subscription costs

User support

Email or online ticketing support
Yes, at extra cost
Support response times
Subject to SLA requirements typically 2hrs or 4hr or other response. Can be Mon-Friday business hours, 365x7x24.
User can manage status and priority of support tickets
Online ticketing support accessibility
None or don’t know
Phone support
Phone support availability
24 hours, 7 days a week
Web chat support
Onsite support
Yes, at extra cost
Support levels
Support levels
Gold: 365 x 7 x 24, 2 hour response
Silver: Mon to Fri, Normal business hours, 2 hour or 4 hour response
Bronze: Mon to Fri, Normal Business hours, same day response
Above support levels are subject to service level requirement, can be also be bespoke to requirement, costed in the service set-up.
Technical account manager is subject to requirement, and costed in the service set-up.
Support available to third parties

Onboarding and offboarding

Getting started
Please engage with Capita IT Services to ensure the correct service and options are identified. We will supply a full statement of works and proof of concept (if required). All customers are onboarded by our TDA, providing a Statement of works detailing the work required prior to BAU.
Service documentation
Documentation formats
End-of-contract data extraction
Data can be transferred to any database or data lake using webhook (also called a web callback or HTTP push API) data transfer. Other methods available on request.
End-of-contract process
At the end of the contract term typically three (3) to five years (5), there is an option to roll-on the service to extend the contract. Or, alternatively provide a minimum thirty (30) day notice to cease the service. Subject to any specific terms agreed within the contract.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Firefox
  • Chrome
  • Safari 9+
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
IoT Use Case applications accessible via an Intuitive designed for mobile interface with similar look and feel as the desktop browser version.
Service interface
Description of service interface
IoT network has interfaces for platform and device management and service performance monitoring
Accessibility standards
None or don’t know
Description of accessibility
Our IoT platform has a single-entry point to your applications making IoT delivery and operations processes simpler & faster. This single entry point fast-tracks sensors data delivery to IoT Applications, leveraging a large portfolio of IoT platform connectors and APIs, such as to AWS IoT, Azure IoT and more.
Accessibility testing
No testing has been done with users of assistive technology at this time.
What users can and can't do using the API
Data can be transferred to any database or data lake using a webhook (also called a web callback or HTTP push API) data transfer. Other data transfer methods are available on request.
The above is accessed and managed by IoT platform administrators.
No changes can be made to this API as it has a specific function to transfer data.
API documentation
API sandbox or test environment
Customisation available
Description of customisation
IoT applications can be customised to specific buyer requirements, only limited by sensor ability to send the required use case data.
Customisation of application, data visulaisation and/or dashboard to specific buyer requirements is manage by application development using a framework of modular components and a rapid development method.


Independence of resources
Our service is governed and subject to regional parameters for the EU868 spectrum defined by the LoRa Alliance LoRaWAN protocol specification and Ofcom here in the UK.

Please refer to the information provided in these links for further information:



Service usage metrics
Metrics types
Service usage metrics are subject to service requirements and can be tailored to requirement.
Reporting types
  • Regular reports
  • Reports on request


Supplier type
Reseller providing extra features and support
Organisation whose services are being resold
ThingPark from Actility (IoTPaaS), Crescent-NV - IoT Application Framework (SaaS)

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
User control over data storage and processing locations
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
Encryption of all physical media
Data sanitisation process
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
Flexible data process using HTTPS or MQTT brokers, DX API, with preconfigured cloud connectors to Azure IoT, Amazon AWS, IBM Watson.
Data export formats
  • CSV
  • ODF
Data import formats
  • CSV
  • ODF

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
Service Level Agreements (SLAs) and associated Service Credits (SCs) are subject to contract service level agreement requirements, and negotiated contract terms and conditions.
Approach to resilience
Service resilience is subject to service requirements on a case-by-case basis, and can be designed and configure to deliver service resilience requirements. Further information on resilience designed specific requirements is available on request.
Outage reporting
Outage reporting is based on service requirement and service architecture design, currently service reporting is managed and generated by our service desks supporting our services. As a minimum this would include email alerting.

Identity and authentication

User authentication needed
User authentication
Username or password
Access restrictions in management interfaces and support channels
Access details for client systems are held securely in our Customer Service software and access is restricted to only those staff that support the customers cloud based system. The support teams access the customer cloud based system via terminal services and each member of the support team has their own login credentials.
Access restriction testing frequency
At least every 6 months
Management access authentication
Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
How long system logs are stored for
Between 1 month and 6 months

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
Evova/BM Trada
ISO/IEC 27001 accreditation date
Since 2006
What the ISO/IEC 27001 doesn’t cover
All activity is covered and included in the certificate scope
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards
All Capita systems are subject to the Capita corporate cyber and information security policy and the associated standards that underpin this.
Information security policies and processes
SO/IEC 27001 / Other

All Capita systems are subject to the Capita corporate cyber and information security policy and the associated standards that underpin this.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
ITIL based processes are followed.
- Full configuration management system tracking service components
- Full change advisory board
- All changes are assessed for risk and impact
- Includes dedicated test environments

Whilst we have our own controls for change management (in line with our ITIL-oriented service management processes) we will ensure that any upgrade process meets the requirement of your change management policies as well, including liaising with the relevant internal stakeholders to ensure the right people are aware of what is going to take place and when.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Internal QA and test process
- Test and deploy patches in accordance with severity
- Support regular independent penetration testing
- Active monitoring and management of network vulnerability and security threats.
- Relationships with key vendors to understand potential threats
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Monitor entire environment both at infrastructure and software level
- Includes monitoring individual files and folder configuration changes automatically
- Dedicated personnel for monitoring and managing the environment
- Relationships with vendors
- ITIL - deploy emergency change control and emergency escalation processes
- Incidents will be triaged
- Remediation plan in case of security incident
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Fully ITIL based service desk management , includes a dedicated incident management process.
- Incident knowledge-based database, each with a predefined process for resolution
- phone, email, customer support portal as available contact methods to the service desk.
- Service delivery managers provide reports, in addition self service is available through the customer support portal

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
Connected networks
Scottish Wide Area Network (SWAN)


£1.00 to £2.00 a device a month
Discount for educational organisations
Free trial available
Description of free trial
30 Day PoC of platform and sensor management with basic data visualization via limited free to use software.
Use Case sensors to be to be provided by the buyer, then connected to the IoT network for the duration PoC.

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.