Oodl Limited

Oodl Air

Oodl Air x delivers IoT Air Quality gas measurement at scale. The service includes a Device as a Service (DaaS), secure firmware, secure M2M cellular communications, cloud Dashboards and data APIs. Example gases available are NO, NO2, SO2, etc.

Features

  • Real-time Air Quality Sensing
  • Internet of Things Air Quality Measurement
  • Deep Learning Air Quality Analysis
  • Real-time Dashboard
  • Data API (ingress/egress)

Benefits

  • Rapid deployment of devices
  • Device as a service
  • Zero power installation required (service dependent)
  • Out-of-the-box Dashboard and Reports configuration
  • Inexpensive Air Quality measurement

Pricing

£50.36 a unit a month

  • Education pricing available
  • Free trial available

Service documents

Framework

G-Cloud 12

Service ID

2 1 4 7 9 0 2 9 5 5 3 9 1 9 0

Contact

Oodl Limited Simon Rodgers
Telephone: +447551060004
Email: simon.rodgers@oodl.co.uk

Service scope

Software add-on or extension
No
Cloud deployment model
Public cloud
Service constraints
None
System requirements
Requires an internet connected device to view data and dashboards

User support

Email or online ticketing support
Email or online ticketing
Support response times
Response times are typically within 1 hour of ticket submission.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
No
Web chat support
No
Onsite support
Onsite support
Support levels
On-site support is provided as part of the 'as a service' model. Where devices are deemed to be potentially defective, a maintenance visit will be scheduled. This is targeted to be within 48 hours of the identification of the problem.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
The Oodl Cloud Essentials user interface is designed to be as simple to use as is possible.

System design is delivered via a consulting phase in order to both understand the setup the client requires and to familiarise the client with the system.

Once deployed, full user documentation is made available and additional training and modifications are available at an extra cost.
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
Data will be made available as a data 'dump' with all relationships documented and intact. This will be available for the customer in a secure cloud location for 30 days from termination of contract.

Data integration and consultation services will be made available to the customer at an additional cost if required.
End-of-contract process
At end of contract the DaaS will be recovered from site, telco services terminated, user accounts terminated and the data 'dump' documented and made available to the customer for a period of 30 days from termination.

During this 30 days, reactivation will be FOC other than the cost for site visits. After the 30 day period, reactivation of services will be deemed to be a new contract.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Mobile dashboards by their very nature, are significantly smaller to the user. The standard mobile dashboard is optimised for the smartphone by reducing the content displayed. This is 100% configurable by the user.
Service interface
No
API
Yes
What users can and can't do using the API
The service has an API option which provides the raw data output from the Oodl Air x only. This is designed for advanced users to subscribe to and is delivered as a data 'push' every x seconds/minutes/hours configurable at the device firmware level during setup.

The Oodl API is not a bi-directional API for security reasons, this means that the consumer may not make changes via the API. The API is a consume only API. Changes to poll rates for example, must be made via support ticket.
API documentation
Yes
API documentation formats
PDF
API sandbox or test environment
No
Customisation available
Yes
Description of customisation
The visual elements of the service (Oodl Cloud Essentials) may be customised, this is largely in the form of the secure dashboard that can be manipulated by the user.

Scaling

Independence of resources
The Oodl Cloud is fully scalable and based in Microsoft Azure. Scaling is automatically achieved based on load and demand.

Analytics

Service usage metrics
Yes
Metrics types
Metrics are available via the Oodl Cloud Essentials Dashboard or via the Oodl Cloud API (raw data only). The Dashboard is fully secured and configurable by the user.
Reporting types
  • API access
  • Real-time dashboards

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Staff screening not performed
Government security clearance
None

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
Physical access control, complying with CSA CCM v3.0
Data sanitisation process
No
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
Data can be exported via CSV via the Dashboard or requests for data 'dumps' can be provided at additional cost.
Data export formats
CSV
Data import formats
CSV

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Guaranteed availability
The Oodl Cloud offers an SLA which is underpinned by the GB Azure Availability Zone SLA of 99.99% availability. Outside of this availability, up to and limited to 1 month of service credit of the appropriate license (Essentials or API) per device outage suffered.
Approach to resilience
Topology and architecture available on request.
Outage reporting
Outages are communicated by the client dashboard and email alerts.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels
Access is restricted on a hierarchical basis with access and modification rights allocated at the time of design, with the client.

User authentication and management is in line with industry best practise with optional 2 factor authentication.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
No
Security governance approach
Oodl is working towards Cyber Essentials accreditation which it expects to achieve by end of fiscal year 2020.
Information security policies and processes
Oodl is working towards Cyber Essentials accreditation by the end of fiscal year 2020.

Oodl has an extremely flat reporting structure for information security and cyber security in general. The securing of systems is the responsibility of the Technical Director.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Configuration and change management is driven and reviewed through automated logs delivered by Oodl.Cloud. The log files are automatically scanned for potential violations and reviewed regularly by the Technical Director as the end point of security escalation.
Vulnerability management type
Undisclosed
Vulnerability management approach
Device level threats are flagged by a secure application within the firmware and the device takes defensive action (detail on request) in order to render itself secure/inoperable.

Cloud systems are built largely on tier 1 cloud technology and as such, are patched within the bounds of the providers patching schema (such as Azure) or within 24 hours of notice to Oodl but with time communicate any outage to the client.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
The Oodl.Cloud is regularly tested for point of penetration and is additionally, automatically scanned for points of entry. Similarly the devices undergo cyber security testing for points of entry at the device or firmware level. With regards to the cellular network, this is a PCI-DSS level network.

Reports from any of these services are responded to within 24 hours of notification and in such time as to alert the client to any potential outage.

Incidents are reported directly to the client responsible person via secure email and/or dashboard alert.
Incident management type
Undisclosed
Incident management approach
Oodl Limited has an internally defined process for incident management which has the escalation point ending with the Technical Director.

Users can report incidents via a support ticket which will automatically be flagged as a priority 1 request. Similarly users will receive updates and incident reports via both the ticketing system and email. Full incident reporting will be delivered to the nominated responsible person for the client.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
No

Pricing

Price
£50.36 a unit a month
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
The DaaS and Dashboard can be provided for a period of 30 days for trial purposes. The installation and deinstallation as well as shipping and physical security of the product remain the responsibility of the client.

Service documents