W.D.M. Limited Pavement Management System (WDM PMS)
WDMPMS is a comprehensive system providing much more than just the Tranche3 UKPMS requirement. Three levels of product are available: a managed map-based browser service for publishing UKPMS datasets; the UKPMS compliant system or the full WDM PMS containing many more tools beyond the UKPMS requirement.
- Fully integrated mapping tools
- UKPMS Tranche3 compliance
- PANDEF3, SKID, HRM/TTS SCANNER raw data processing
- Construction/Traffic Editing
- HD28 processing and site category management
- Life Cycle Planning tools
- Flexible Document Management capability
- Comprehensive reporting, dashboard and query facilities
- Scheme Manager - Maintenance Scheme Automatic Prediction, Ranking and Costing
- Map-based solution for all your Pavement Management needs
- Centred around flexible network referencing system
- WDM's Highway Engineering Consultancy can provide expert consultancy services
- User Groups and highway authority partnerships influence system development
- Three service options offered and explained in the Pricing Document
- Industry compliant reporting
- Can be integrated with the WDM Integrated Asset Management System
- The full Integrated Asset Management System is also on G-Cloud11
£100 to £1200 per user per year
|Software add-on or extension||No|
|Cloud deployment model||Public cloud|
|Service constraints||Updates and patching will be scheduled as required to ensure the system remains secure and reliable. This will generally be in out-of-hours periods. However, notice will be given where any planned maintenance may be necessary within the period from 8am to 6pm.|
|Email or online ticketing support||Email or online ticketing|
|Support response times||
Support provided between the hours of 08:00-18:00 Monday to Friday (excluding Bank Holidays). Emails populate the support ticketing system with telephone support backup for the purposes of assisting the Client with the proper use of the Software or the Service and/or determining the cause of any errors and using reasonable endeavours to fix errors in the Software or the Service.
Support system is monitored during these hours by 1st line support team and prioritisation is assessed for urgency. Auto-emailed responses as enquiry progresses to completion.
Priority 1: 4 working hours
Priority 2: 1 working day
Priority 3: agreed with client
|User can manage status and priority of support tickets||Yes|
|Online ticketing support accessibility||None or don’t know|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||No|
|Onsite support||Yes, at extra cost|
There is one level of support: Help-desk and secure support site are the primary vehicles to manage that. An Account Manager will be assigned to each client and they will manage if any additional prioritisation is required, if any requests are change/control requests and whether charges are required and also any escalation that may be required.
There is availability for providing dedicated support resources through the service and prices are provided via the G-Cloud11 Rate Card pricing document.
|Support available to third parties||Yes|
Onboarding and offboarding
Onboarding is relatively simple and standardised in UKPMS and Full PMS. Some customisation is possible for tools like the Scheme Prediction software but this is primarily training. Client requirements is led by the WDM Account Manager assigned to the project and they will discuss client requirements and project manage the delivery.
Following Go-live, the day to day support will be passed to the Support Teams but the Account Manager will generally retain overall control of the project to retain continuity.
Training resources will be provided - More recently, this takes the form of training videos that are deployed via the software management console and this seems to work very well.
All charges associated with migration, configuration from the standard build and implementation will be agreed with client in advance.
|Other documentation formats||
|End-of-contract data extraction||
Client Admins can have any table or view of the data published with the ad-hoc query tool which in turn supports download in a number of formats (CSV, XML, Shape Files, Mapinfo, KML - the last three obviously only for Spatial datasets).
On termination of the Contract, WDM can also make the data available via their SFTP site for a period of three months following termination.
|End-of-contract process||As explained above, the client will have access to download their own data free of charge. If WDM are extracting the data then only time will be charged at the hourly rates quoted in the G-Cloud11 Rate Card pricing document - This will vary depending on the extent of the system and can be agreed in advance of the Contract starting.|
Using the service
|Web browser interface||Yes|
|Application to install||No|
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||The back-office systems are on-line Web Browser based and so mobile devices can be used where Internet is available. Tablet size devices are more suitable than phone size devices.|
|Accessibility standards||None or don’t know|
|Description of accessibility||We have worked with central government clients to ensure that software, where appropriate, particularly public facing apps, complied with their standards based on WCAG2.1A. In addition, the wide use of bootstrapping in developments ensures standardisation of tools for accessibility. Text is widely used in addition to graphics.|
|Accessibility testing||Development in conjunction with clients' requirements to ensure assistive technology is appropriate for purpose.|
|What users can and can't do using the API||Some parts of the service currently have an API but this is primarily relating to interfacing with external systems at present (e.g. FixMySteet, CMS interfacing etc.). API development is part of the WDM RoadMap and that project is well underway. Developments include creating defects & enquiries, asset viewing/editing, mapping links all with full audit trail. The intention would be for the whole service to be API based by 2022.|
|API sandbox or test environment||No|
|Description of customisation||
UKPMS is a standard for processing pavement condition data. However, tools exist for privileged users to create new and adapt existing UKPMS weighting sets. In addition full data processing tools are provided in the Full PMS Service to re-process datasets, change trend dates, apply updated construction and traffic changes to allow monitoring the effect of maintenance applied. In the full PMS, the maintenance scheme prediction tool (Scheme Manager) and Life Cycle Planning (LCP) tool allow users to perform an unlimited amount of what-if scenarios etc. User can also create queries in the UKPMS and Full PMS options and publish map layers directly to the integrated mapping function. The UKPMS Lite option is a map viewer and the supplier can publish any datasets for the client as required.
The time may be chargeable if a significant amount of work for the supplier at the rates supplied in the G-Cloud11 Rate Card Pricing document.
|Independence of resources||
The cloud hosting service is scaled for more than the number of users specified and assuming they are all working concurrently. Sufficient redundancy is scaled as part of that initial system scaling.
The hosted system is continually monitored to ensure that capacity and speed remains fit for purpose and extra resources can be assigned as appropriate.
|Service usage metrics||Yes|
Scheduled reporting can deliver metrics to reporting dashboard.
Charting application can provide real time user metrics.
|Supplier type||Not a reseller|
|Staff security clearance||Other security clearance|
|Government security clearance||Up to Baseline Personnel Security Standard (BPSS)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||United Kingdom|
|User control over data storage and processing locations||Yes|
|Datacentre security standards||Complies with a recognised standard (for example CSA CCM version 3.0)|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||‘IT Health Check’ performed by a CHECK service provider|
|Protecting data at rest||
|Data sanitisation process||Yes|
|Data sanitisation type||
|Equipment disposal approach||Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001|
Data importing and exporting
|Data export approach||
A number of tools are provided for export in the UKPMS and Full WDM PMS options (UKPMS Lite is a map based viewer). All formatted reports are accessed on-line and are downloaded via the browser.
Web Query Builder tools allow any dataset to be queried/filtered and downloaded in a number of formats (CSV, Excel, various spatial formats if appropriate etc).
|Data export formats||
|Other data export formats||
|Data import formats||Other|
|Other data import formats||
|Data protection between buyer and supplier networks||TLS (version 1.2 or above)|
|Data protection within supplier network||TLS (version 1.2 or above)|
Availability and resilience
|Guaranteed availability||We currently achieve the following Service Levels and these are measured and reviewed as part of our ISO 27001 ISMS: Access and availability of the systems at least 98% per year. We actually achieve at least 99.9% to date (equates to 8.76 hours downtime per year). Access to Customer support 08:00 to 18:00, Monday to Friday 5 days a week, not including Bank Holidays at least 98% at all times. Any failures to meet these SLA's will be escalated to the Management Team and appropriate action taken to resolve in discussion with the client.|
|Approach to resilience||The primary cloud hosting environment is Amazon(UK) cloud services and resilience is well documented. Further details can be provided on request. Some existing clients are hosted via WDM's own data centre which may be continued where existing clients use G-cloud to continue their system supply.This WDM hosted system is operated across two redundant sites in Bristol. Each site has dedicated ISP circuits and all critical components are mirrored between the sites. Disaster recovery procedures are all tested annually for both options. Further details can be provided upon request.|
|Outage reporting||The hosted system provides an authenticated monitoring dashboard indicating service health. Email alerts can also be configured to alert for specific predefined conditions.|
Identity and authentication
|User authentication needed||Yes|
|Access restrictions in management interfaces and support channels||The hosted system implements ISO 27001 controls and is certified by BSI. The hosted system is a discrete and separate system from the WDM corporate system. Administration of the hosted system is segregated from corporate accounts allowing for task specific authorisation and monitoring to be implemented. Logs are collected and protected within an intrusion detection system, providing monitoring and alerting for system changes and resource usage.|
|Access restriction testing frequency||At least once a year|
|Management access authentication||
Audit information for users
|Access to user activity audit information||Users have access to real-time audit information|
|How long user audit data is stored for||At least 12 months|
|Access to supplier activity audit information||Users have access to real-time audit information|
|How long supplier audit data is stored for||At least 12 months|
|How long system logs are stored for||At least 12 months|
Standards and certifications
|ISO/IEC 27001 certification||Yes|
|Who accredited the ISO/IEC 27001||BSI|
|ISO/IEC 27001 accreditation date||05/07/2017|
|What the ISO/IEC 27001 doesn’t cover||Certification does NOT cover ICT equipment, hardware and software on the premises of the ICT System User. Nor does it cover ICT infrastructure such as internet or network connectivity or the third party suppliers of the ICT System User and its agents. Scope is limited to; The Information Security Management System in relation to the provision of Software as a Service and Ancillary Hosted Services. This is in accordance with the Statement of Applicability version 15.00 dated 8 November 2018. View only access to the SOA is available upon request.|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||Yes|
|Any other security certifications||Cyber Essentials|
|Named board-level person responsible for service security||Yes|
|Security governance certified||Yes|
|Security governance standards||ISO/IEC 27001|
|Information security policies and processes||
The management system supports how the company will achieve its business objectives and the requirements of management standards that the company adopts for business in the UK and overseas.
These include: ISO 9001 for quality; ISO 14001 for environment; ISO27001 for information security; and BS OHSAS 18001 for occupational health and safety and Cyber Essentials.
The managing director requires that the company follows management systems to ensure products and services meet customer determined requirements and satisfy regulatory bodies. The programme is directed from the top of the company, and all directors, sector heads, managers, supervisors and employees must make a full contribution to the implementation, development and maintenance of management systems.
The management system manual provides a framework for the establishment of leadership,responsibility, competence and the management of documented information.
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||
The hosted system is managed using WDM's ISO9001 and 27001 certified CRUMPET management system. All change management is booked, scheduled, and authorised via this system.
All WDM software updates are deployed using WDM's Hosting Hub platform to ensure an immutable installation process to guard against unintentional security properties being changed.
Hosting hub and Crumpet are integrated systems which provide full visibility of the change management process. Changes can be tracked and reviewed back to customer requirements and authorisations.
|Vulnerability management type||Supplier-defined controls|
|Vulnerability management approach||
Software patching for security fixes are on an automated schedule which are deployed through the change management process. (Release candidate followed by A/B group releases).
WDM Operate an application security assurance programme and regularly scan and test the infrastructure for vulnerabilities. Vulnerabilities are risk accessed and prioritised for remediation. Remediation can be immediate, Overnight, or next available maintenance window dependent on the risk assessment.
We subscribe to vendor alerts and are members of the NCSC Information Sharing partnership.
|Protective monitoring type||Supplier-defined controls|
|Protective monitoring approach||
The web applications are protected by a Web application firewall which scans the requests for malicious activity, blocking and alerting upon suspicious requests.
WDM Operate an intrusion detection suite which receives heterogeneous logs from across the infrastructure and provides insights, reporting and alerting to inform the security status of the system.
WDM Participate in the NSCS CiSP information sharing partnership and receive alerts and indicators of compromises which are loaded into the intrusion detection system.
|Incident management type||Supplier-defined controls|
|Incident management approach||WDM, as part of the ISO 27001 certified ISMS, operate a security Incident and Investigation Process. This can be made available upon separate request to your account manager.|
|Approach to secure software development best practice||Supplier-defined process|
Public sector networks
|Connection to public sector networks||No|
|Price||£100 to £1200 per user per year|
|Discount for educational organisations||No|
|Free trial available||No|