W.D.M.Limited

W.D.M. Limited Pavement Management System (WDM PMS)

WDMPMS is a comprehensive system providing much more than just the Tranche3 UKPMS requirement. Three levels of product are available: a managed map-based browser service for publishing UKPMS datasets; the UKPMS compliant system or the full WDM PMS containing many more tools beyond the UKPMS requirement.

Features

  • Fully integrated mapping tools
  • UKPMS Tranche3 compliance
  • PANDEF3, SKID, HRM/TTS SCANNER raw data processing
  • Construction/Traffic Editing
  • HD28 processing and site category management
  • Life Cycle Planning tools
  • Flexible Document Management capability
  • Comprehensive reporting, dashboard and query facilities
  • Scheme Manager - Maintenance Scheme Automatic Prediction, Ranking and Costing

Benefits

  • Map-based solution for all your Pavement Management needs
  • Centred around flexible network referencing system
  • WDM's Highway Engineering Consultancy can provide expert consultancy services
  • User Groups and highway authority partnerships influence system development
  • Three service options offered and explained in the Pricing Document
  • Industry compliant reporting
  • Can be integrated with the WDM Integrated Asset Management System
  • The full Integrated Asset Management System is also on G-Cloud11

Pricing

£100 to £1200 per user per year

Service documents

Framework

G-Cloud 11

Service ID

2 2 3 3 5 0 3 4 1 4 4 4 6 1 5

Contact

W.D.M.Limited

Graeme Paterson

07866463992

graemep@wdm.co.uk

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Public cloud
Service constraints Updates and patching will be scheduled as required to ensure the system remains secure and reliable. This will generally be in out-of-hours periods. However, notice will be given where any planned maintenance may be necessary within the period from 8am to 6pm.
System requirements
  • Up to date Web Browser (supported versions supplied)
  • Valid email address for named users
  • All software, system and security is managed within hosted environment

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Support provided between the hours of 08:00-18:00 Monday to Friday (excluding Bank Holidays). Emails populate the support ticketing system with telephone support backup for the purposes of assisting the Client with the proper use of the Software or the Service and/or determining the cause of any errors and using reasonable endeavours to fix errors in the Software or the Service.

Support system is monitored during these hours by 1st line support team and prioritisation is assessed for urgency. Auto-emailed responses as enquiry progresses to completion.

Priority 1: 4 working hours
Priority 2: 1 working day
Priority 3: agreed with client
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels There is one level of support: Help-desk and secure support site are the primary vehicles to manage that. An Account Manager will be assigned to each client and they will manage if any additional prioritisation is required, if any requests are change/control requests and whether charges are required and also any escalation that may be required.

There is availability for providing dedicated support resources through the service and prices are provided via the G-Cloud11 Rate Card pricing document.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Onboarding is relatively simple and standardised in UKPMS and Full PMS. Some customisation is possible for tools like the Scheme Prediction software but this is primarily training. Client requirements is led by the WDM Account Manager assigned to the project and they will discuss client requirements and project manage the delivery.

Following Go-live, the day to day support will be passed to the Support Teams but the Account Manager will generally retain overall control of the project to retain continuity.

Training resources will be provided - More recently, this takes the form of training videos that are deployed via the software management console and this seems to work very well.

All charges associated with migration, configuration from the standard build and implementation will be agreed with client in advance.
Service documentation Yes
Documentation formats Other
Other documentation formats
  • Training Videos (mpeg4) deployed directly from the Software
  • Some documentation not appropriate for Video will still be PDF
End-of-contract data extraction Client Admins can have any table or view of the data published with the ad-hoc query tool which in turn supports download in a number of formats (CSV, XML, Shape Files, Mapinfo, KML - the last three obviously only for Spatial datasets).

On termination of the Contract, WDM can also make the data available via their SFTP site for a period of three months following termination.
End-of-contract process As explained above, the client will have access to download their own data free of charge. If WDM are extracting the data then only time will be charged at the hourly rates quoted in the G-Cloud11 Rate Card pricing document - This will vary depending on the extent of the system and can be agreed in advance of the Contract starting.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service The back-office systems are on-line Web Browser based and so mobile devices can be used where Internet is available. Tablet size devices are more suitable than phone size devices.
Service interface Yes
Description of service interface The service is accessed via a Web Browser url which opens a Management Console called "AppCentre" from which all Web Browser based application url's are launched (dependent on user security).
Accessibility standards None or don’t know
Description of accessibility We have worked with central government clients to ensure that software, where appropriate, particularly public facing apps, complied with their standards based on WCAG2.1A. In addition, the wide use of bootstrapping in developments ensures standardisation of tools for accessibility. Text is widely used in addition to graphics.
Accessibility testing Development in conjunction with clients' requirements to ensure assistive technology is appropriate for purpose.
API Yes
What users can and can't do using the API Some parts of the service currently have an API but this is primarily relating to interfacing with external systems at present (e.g. FixMySteet, CMS interfacing etc.). API development is part of the WDM RoadMap and that project is well underway. Developments include creating defects & enquiries, asset viewing/editing, mapping links all with full audit trail. The intention would be for the whole service to be API based by 2022.
API documentation No
API sandbox or test environment No
Customisation available Yes
Description of customisation UKPMS is a standard for processing pavement condition data. However, tools exist for privileged users to create new and adapt existing UKPMS weighting sets. In addition full data processing tools are provided in the Full PMS Service to re-process datasets, change trend dates, apply updated construction and traffic changes to allow monitoring the effect of maintenance applied. In the full PMS, the maintenance scheme prediction tool (Scheme Manager) and Life Cycle Planning (LCP) tool allow users to perform an unlimited amount of what-if scenarios etc. User can also create queries in the UKPMS and Full PMS options and publish map layers directly to the integrated mapping function. The UKPMS Lite option is a map viewer and the supplier can publish any datasets for the client as required.

The time may be chargeable if a significant amount of work for the supplier at the rates supplied in the G-Cloud11 Rate Card Pricing document.

Scaling

Scaling
Independence of resources The cloud hosting service is scaled for more than the number of users specified and assuming they are all working concurrently. Sufficient redundancy is scaled as part of that initial system scaling.

The hosted system is continually monitored to ensure that capacity and speed remains fit for purpose and extra resources can be assigned as appropriate.

Analytics

Analytics
Service usage metrics Yes
Metrics types Scheduled reporting can deliver metrics to reporting dashboard.
Charting application can provide real time user metrics.
Reporting types
  • Real-time dashboards
  • Regular reports

Resellers

Resellers
Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach ‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with another standard
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach A number of tools are provided for export in the UKPMS and Full WDM PMS options (UKPMS Lite is a map based viewer). All formatted reports are accessed on-line and are downloaded via the browser.

Web Query Builder tools allow any dataset to be queried/filtered and downloaded in a number of formats (CSV, Excel, various spatial formats if appropriate etc).
Data export formats
  • CSV
  • Other
Other data export formats
  • Excel
  • Shape File (if Spatial data)
  • MapInfo format (if spatial data)
  • KML (if spatial data)
  • Word (formatted reports)
  • PDF (formatted reports)
  • CSV
Data import formats Other
Other data import formats
  • HMDIF for UKPMS Datasets
  • MifMid for spatial data sets where appropriate
  • Document system to store main office formats
  • WDM Format WIF files for importing WDM Condition data sets

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability We currently achieve the following Service Levels and these are measured and reviewed as part of our ISO 27001 ISMS: Access and availability of the systems at least 98% per year. We actually achieve at least 99.9% to date (equates to 8.76 hours downtime per year). Access to Customer support 08:00 to 18:00, Monday to Friday 5 days a week, not including Bank Holidays at least 98% at all times. Any failures to meet these SLA's will be escalated to the Management Team and appropriate action taken to resolve in discussion with the client.
Approach to resilience The primary cloud hosting environment is Amazon(UK) cloud services and resilience is well documented. Further details can be provided on request. Some existing clients are hosted via WDM's own data centre which may be continued where existing clients use G-cloud to continue their system supply.This WDM hosted system is operated across two redundant sites in Bristol. Each site has dedicated ISP circuits and all critical components are mirrored between the sites. Disaster recovery procedures are all tested annually for both options. Further details can be provided upon request.
Outage reporting The hosted system provides an authenticated monitoring dashboard indicating service health. Email alerts can also be configured to alert for specific predefined conditions.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels The hosted system implements ISO 27001 controls and is certified by BSI. The hosted system is a discrete and separate system from the WDM corporate system. Administration of the hosted system is segregated from corporate accounts allowing for task specific authorisation and monitoring to be implemented. Logs are collected and protected within an intrusion detection system, providing monitoring and alerting for system changes and resource usage.
Access restriction testing frequency At least once a year
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 BSI
ISO/IEC 27001 accreditation date 05/07/2017
What the ISO/IEC 27001 doesn’t cover Certification does NOT cover ICT equipment, hardware and software on the premises of the ICT System User. Nor does it cover ICT infrastructure such as internet or network connectivity or the third party suppliers of the ICT System User and its agents. Scope is limited to; The Information Security Management System in relation to the provision of Software as a Service and Ancillary Hosted Services. This is in accordance with the Statement of Applicability version 15.00 dated 8 November 2018. View only access to the SOA is available upon request.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications Cyber Essentials

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes The management system supports how the company will achieve its business objectives and the requirements of management standards that the company adopts for business in the UK and overseas.

These include: ISO 9001 for quality; ISO 14001 for environment; ISO27001 for information security; and BS OHSAS 18001 for occupational health and safety and Cyber Essentials.

The managing director requires that the company follows management systems to ensure products and services meet customer determined requirements and satisfy regulatory bodies. The programme is directed from the top of the company, and all directors, sector heads, managers, supervisors and employees must make a full contribution to the implementation, development and maintenance of management systems.

The management system manual provides a framework for the establishment of leadership,responsibility, competence and the management of documented information.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach The hosted system is managed using WDM's ISO9001 and 27001 certified CRUMPET management system. All change management is booked, scheduled, and authorised via this system.

All WDM software updates are deployed using WDM's Hosting Hub platform to ensure an immutable installation process to guard against unintentional security properties being changed.

Hosting hub and Crumpet are integrated systems which provide full visibility of the change management process. Changes can be tracked and reviewed back to customer requirements and authorisations.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Software patching for security fixes are on an automated schedule which are deployed through the change management process. (Release candidate followed by A/B group releases).

WDM Operate an application security assurance programme and regularly scan and test the infrastructure for vulnerabilities. Vulnerabilities are risk accessed and prioritised for remediation. Remediation can be immediate, Overnight, or next available maintenance window dependent on the risk assessment.

We subscribe to vendor alerts and are members of the NCSC Information Sharing partnership.
Protective monitoring type Supplier-defined controls
Protective monitoring approach The web applications are protected by a Web application firewall which scans the requests for malicious activity, blocking and alerting upon suspicious requests.

WDM Operate an intrusion detection suite which receives heterogeneous logs from across the infrastructure and provides insights, reporting and alerting to inform the security status of the system.

WDM Participate in the NSCS CiSP information sharing partnership and receive alerts and indicators of compromises which are loaded into the intrusion detection system.
Incident management type Supplier-defined controls
Incident management approach WDM, as part of the ISO 27001 certified ISMS, operate a security Incident and Investigation Process. This can be made available upon separate request to your account manager.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks No

Pricing

Pricing
Price £100 to £1200 per user per year
Discount for educational organisations No
Free trial available No

Service documents

Return to top ↑