Provides comprehensive functionality for the coordination of all activities which could potentially cause disruption on the highway, including Utility/Highway Authority Works and non-works activities, allowing Street Authorities to discharge their works co-ordination duties under the New Roads and Street Works Act 1991 (NRSWA) and the Traffic Management Act 2004 (TMA).
- EToN 6 Compliant Street Works Noticing/Permitting
- Embedded GIS/Mapping facilities based on ESRI technology
- Mobile Working capability with real-time communications with central system
- National Street Gazetteer maintenance, including full ASD
- Integrated charging/invoicing functions for all Street Works charges including FPNs
- Powerful Traffic Management coordination facilities (automatic conflict and pinch-point detection)
- Comprehensive Inspection facilities to manage Statutory and user-defined inspections
- Comprehensive Street Works lifecycle management facilities for Authority Works Promoters
- Interfaces available to allow the web publication of text/spatial data
- Comprehensive reporting facilities including national KPIs
- Integrated solution removes need & cost for numerous separate systems
- Provides accurate, timely, reliable, valid, complete and secure data
- Significantly reduces administrative overheads by improving efficiency
- Provides incentives for speedy, efficient and quality completion of works
- Increases efficiency by enabling mobile working
- Ensures compliance with latest EToN legislation and CoPs
- Reduces the impact of Street Works to the road users
- Improves the communication of Street Works to the public
- Manages all financial aspects associated with Noticing & Permitting
- Intuitive user interface with common look and feel minimises training
£1292 to £1386 per user per year
|Software add-on or extension||No|
|Cloud deployment model||Private cloud|
|Service constraints||A nightly planned maintenance window of 30 minutes scheduled between 21:00 and 24:00.|
|System requirements||The Insight Mobile software requires Windows tablet|
|Email or online ticketing support||Email or online ticketing|
|Support response times||
Response times are based on the helpdesk hours and are dependant on priority.
Priority 1 -> 1 hour,
Priority 2 -> 1 hour,
Priority 3 -> 24 hours,
Priority 4 -> 24 hours
|User can manage status and priority of support tickets||Yes|
|Online ticketing support accessibility||WCAG 2.0 AA or EN 301 549|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||No|
|Onsite support||Yes, at extra cost|
Symology offer a single level of high quality support to all our customers which has resulted in us retaining our extensive customer base for many years.
Symology’s helpdesk is able to offer both technical and functional support during standard office hours Monday to Friday. Manned support outside of the standard support time can be made available at an additional charge as required. Symology also provide a designated Account Manager who is a product consultant and is available during office hours for escalation of issues. Symology also include a Customer Service Portal (Fault Management System) which provides a web interface that allows customers to create or review Insight support cases at any time. It also allows customers to;
• Search and browse the Insight product knowledgebase.
• Log new support case's, specifying a priority.
• Check on the status of existing cases (including those opened by phone or email).
• Add comments and attachments to existing cases.
• A detailed Customer Service Portal User Guide is available to users on logging in to the portal.
|Support available to third parties||Yes|
Onboarding and offboarding
Symology provide Introduction to Insight training videos, available via the customer only area of the Symology website. It is pre-requisite of attending a training course that end users have familiarised themselves with these videos.
During an implementation key personnel will gain a detailed understanding of the functionality within Insight (and the options available), and they will fully understand how the business processes are merged with the system functionality.
Standard/bespoke training courses can then be delivered using the customer’s data and be tailored, as far as possible, to match the business processes that have been agreed during the implementation.
Symology will liaise with the key “champion users” in each business area prior to the training courses in order to finalise the agenda/content of each course. Once the content is agreed, Symology would prepare the course content and associated documentation.
Users will be able to access the test environment following their training in order to gain further familiarity with the system prior to go-live.
Following each phase of the project going live, Symology will provide “drop-in surgeries”. End Users will be able to attend these, and raise any queries that have arisen since they started using the system.
|End-of-contract data extraction||Upon expiry or termination of the contract Symology will make all data available in XML format for input into any new system. Symology’s own schema will be utilised. This data will be available via FTP for three months from the termination/expiry of the contract. Following this three month period the customer's data will be removed. Any configuration parameters will only be relevant to the Symology Insight solution and therefore will not benefit the transition away from Symology. These parameters can be provided at part of the XML files. Symology are happy to work with customers to transition the service away from Insight within what we deem reasonable levels. We have a number of customers who have returned to Symology following the maintaining of good relations at the expiry of contracts.|
|End-of-contract process||Upon expiry or termination of the contract Symology will make all data available in XML format for input into any new system. Symology’s own schema will be utilised. This data will be available via FTP for three months from the termination/expiry of the contract. Following this three month period all customer data will be removed. Symology will develop a detailed exit management plan. Any configuration parameters will only be relevant to the Symology Insight solution and therefore will not benefit the transition away from Symology. These parameters can be provided at part of the XML files. Symology are happy to work with any customer to transition the service away from Insight within what we deem reasonable levels. We have a number of customers who returned to be Symology following the maintaining of good relations at the expiry of contracts. Any requirements beyond these can be provided at additional costs.|
Using the service
|Web browser interface||Yes|
|Application to install||No|
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||Insight Mobile is developed and aimed at multi-disciplined inspectors. The solution, wholly developed by Symology, offers Street Works inspectors the functionality to complete and prompt inspections, prompt FPNs, send comments, add attachments, record defective apparatus and unattributable works. It is designed to work without the requirement for an 'always-on' connection. Mobile mapping facilities allow users to select/update records as well as plot points/lines/polygons. GPS tracking facilities include the ability to trace the routes that inspectors have been taking. A planned route facility allows the inspector/gang to optimise the route and coordinate different activities to ensure maximum efficiency when on-site.|
|Accessibility standards||None or don’t know|
|Description of accessibility||Insight has been designed with consideration of accessibility features including the ability to operate with screen reading software, such as JAWS. Insight can be operated without the use of a mouse by using keyboard shortcuts and facilities are available on a user-by-user basis to change the font sizes used throughout the system and to change colour schemes. These facilities are provided to help those with disabilities such as colour blindness and/or poor eye sight. The provision of the aforementioned facilities are in line with the requirements of the Disability Discrimination Act, and the W3C’s Accessibility Initiatives.|
|Accessibility testing||All features designed with accessibility in mind are tested in line with our existing internal PQT procedures, which neither includes or excludes specifically users of assistive technology. Each of these features are included in our training courses and can be utilised by any user as required.|
|What users can and can't do using the API||
Insight offers a range of Web Services (XML/SOAP) Interfaces to interface with corporate systems. Symology's Web Portal solutions, including View It, also utilise direct interfaces. These Interface solutions are designed to allow other applications to interface directly with the various Insight modules. The aim of the Direct Interface is to receive data from "trusted sources" which can be recorded directly into the Insight database, without any form of review by an Insight user.
Typically Direct Interfaces are used to call Insight which operates as a specialist back-office product. They can be plugged in to from a corporate product, or used as an alternative to the main Insight interface, for performing the actions available to the interface.
The Direct Interfaces operate by providing a component interface to the relevant Insight module, whereby elements of the Insight application logic can be called by external applications.
Direct Interfaces are currently available for Customer Service, Asset Register, Licences, Street Works and Street Gazetteer.
|API documentation formats||
|API sandbox or test environment||Yes|
|Description of customisation||
Insight offers users considerable customisation. The web portal by which Insight is accessed will be customised in line with the customers visual identity guidelines as standard.
All screens can be controlled (no access, read-only access, update access) by permissions. Facilities are also provided on a user-by-user basis to change the font sizes used throughout the system and to change colour schemes.
Update/Enquiry dashboard grids can be customised considerably including what data is displayed. Highlighting options also allow business rules to be created to change the visualisation of the data.
Insight has an Additional Fields facility allowing users to create fields within each module to store data that may not be catered for elsewhere. These fields can be many formats and can be grouped as required. They can also be passed to Insight Mobile and made read-only if required.
Insight has extensive and customisable workflow capabilities. This is aimed at marrying a customers business processes with the Insight solution to ensure the maximum benefits are returned.
Insight's online help system can also be customised in accordance with a customers business processes.
|Independence of resources||Our Managed Service infrastructure is designed specifically for the Insight solution and its performance is continually monitored. Regular performance reports are reviewed by our dedicated Managed Service team against predetermined intervention levels for areas including but not limited to capacity (35%) and load usage (80% for sixty seconds). This guarantees we have the capacity to absorb any unexpected additional requirements. Our customers are hosted on the same logical network using a combination of network firewalls and application restrictions to prevent any ‘cross-talk’ security issues.|
|Service usage metrics||No|
|Supplier type||Not a reseller|
|Staff security clearance||Other security clearance|
|Government security clearance||None|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||United Kingdom|
|User control over data storage and processing locations||No|
|Datacentre security standards||Managed by a third party|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider|
|Protecting data at rest||Physical access control, complying with another standard|
|Data sanitisation process||Yes|
|Data sanitisation type||Deleted data can’t be directly accessed|
|Equipment disposal approach||In-house destruction process|
Data importing and exporting
|Data export approach||Users can export data in CSV or XML format very quickly and easily from the 'File' menu within Insight. Users select the data required to export by means of the vast array of definable enquiry data grids and then simply export to file. This file would automatically be made available via the customer web portal where it can be downloaded. Complete data sets will be provided to a customer, in a fixed XML format, on contract end/termination.|
|Data export formats||
|Other data export formats||
|Data import formats||
|Other data import formats||
|Data protection between buyer and supplier networks||
|Other protection between networks||Often the level of protection is dictated by the authority customer however we always recommend customers use encrypted traffic. Symology do not support SSL 1, 2 or 3. Secure FTP traffic is encouraged although support for weak algorithms has been removed.|
|Data protection within supplier network||
|Other protection within supplier network||SFTP|
Availability and resilience
|Guaranteed availability||Symology's Managed Service has been in operation since 2006. The standard availability target is 99% and is measured between the hours of 08:30 and 17:30 although since 2006 we have actually achieved 99.8%. The Service period is 3 months. In the unlikely event that the availability falls below the target service level in any service period, the customer shall be granted a service credit against the fees for that service period. 98% -> 5%, 97% -> 10%, 96% -> 15%, 95% and below -> 20%.|
|Approach to resilience||Symology operate a dual hosting model offering an active/passive approach resulting in an extremely high level of resilience when it comes to business continuity and disaster recovery. Our hosting sites are Gyron, based in Hemel Hempstead and Virtus (provided by CoreTx), based in Slough. Both are Tier 3 data centres with ISO27001 accreditation. Half our customers use Gyron and the other half use Virtus as their active service. Each customer's solution is then mirrored every hour to the passive service be it Gyron or Virtus. All hardware is replicated exactly at the two sites. Further information is available on request.|
|Outage reporting||Service outages and availability are reported by means of a public Service Status website providing a transparent view of the availability of the Symology Hosted Services. In addition, availability is continually monitored and customer Account Managers are informed of any outages, be it planned or otherwise, that need communicating with affected customers.|
Identity and authentication
|User authentication needed||Yes|
|User authentication||Username or password|
|Access restrictions in management interfaces and support channels||Management interface and support access is controlled by means of group permissions, including but not limited, to Domain Administrators, Technical Implementation Consultants, Account Managers and Support Consultants. All access is audited and internal accreditation is required to gain access. Access is also controlled by IP address filtering ensuring those approved have access.|
|Access restriction testing frequency||At least once a year|
|Management access authentication||Username or password|
Audit information for users
|Access to user activity audit information||Users have access to real-time audit information|
|How long user audit data is stored for||At least 12 months|
|Access to supplier activity audit information||Users have access to real-time audit information|
|How long supplier audit data is stored for||At least 12 months|
|How long system logs are stored for||At least 12 months|
Standards and certifications
|ISO/IEC 27001 certification||Yes|
|Who accredited the ISO/IEC 27001||ASCB with QMS International carrying out the regular auditing|
|ISO/IEC 27001 accreditation date||29/01/2015|
|What the ISO/IEC 27001 doesn’t cover||We are fully covered.|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security accreditations||Yes|
|Any other security accreditations||Cyber Essentials Plus|
|Named board-level person responsible for service security||Yes|
|Security governance accreditation||Yes|
|Security governance standards||ISO/IEC 27001|
|Information security policies and processes||
In additional to ISO27001 and Cyber Essentials Plus accreditations, Symology adhere to our own internal Information Security Management System. All of the components of this ISMS are periodically and systematically reviewed by both internal and external audit procedures. A nominated member of staff has been appointed by Symology’s Managing Director to be responsible for the control of all matters relating to the implementation, control and continuing audit of these procedures which are adopted and practised by all Symology employees.
Symology has adopted the process approach for developing, implementing and improving the effectiveness of its ISMS by committing to understanding business information security requirements and the need to establish policy and objectives for information security, implementing and operating controls in the context of managing the overall business risk, monitoring and reviewing the performance and effectiveness of the ISMS, continual improvement based on objective measures, communicating throughout Symology the importance of meeting all relevant statutory and regulatory requirements specifically related to its business activities and ensuring that adequate resources are determined and provided to monitor and maintain the ISMS.
Due to its secure nature, access to Symology's ISMS policy will only be made available to customers visiting our head office.
|Configuration and change management standard||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Configuration and change management approach||All changes pass through a centralised, controlled approvals process which is audited. Records are retained indefinitely. Software changes pass through a PQT/QA process which also includes security testing. External-facing software is tested by two separate third parties.|
|Vulnerability management type||Supplier-defined controls|
|Vulnerability management approach||Potential threats are assessed by a combination of security device monitoring and regular log reviews. Following our Cyber Essentials Plus certification requirements, our patches are rolled out within 14 days of release. We are subscribed to a number of security information services whose role it is to inform us of emerging threats. Once informed the relevance of the threat is assessed and if relevant the scope of the threat is assessed and then the mitigation is planned and documented to help monitor the progress of mitigation. The potential impact is assessed to help prioritise the mitigation effort.|
|Protective monitoring type||Supplier-defined controls|
|Protective monitoring approach||Potential compromises tend to be identified by alerts generated by hardware and software security devices including but not limited to our firewalls and intrusion detection/protection devices once they have assessed the issue as warranting investigation. Logs are also monitored by a third party log monitoring tool. Once alerted, a priority service case is raised to track investigation of the issue. If there is a concern about security or the monitoring or it will be tracked back to its source and any necessary remediation of software, services or procedure will be investigated.|
|Incident management type||Supplier-defined controls|
|Incident management approach||Incident notifications come from system monitors, log monitoring or report from an individual. A priority service case is raised and stakeholders are automatically alerted. An investigation will be immediately launched to assess the source, scope and severity of the incident. Once the immediate threat has been resolved, work will be undertaken to assess the extent of the incident, trace the source and identify necessary steps to eliminate any residual effects. The response will be examined to highlight if anything could have been done differently to detect the incident sooner, reduce its impact or improve communications to the relevant parties.|
|Approach to secure software development best practice||Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)|
Public sector networks
|Connection to public sector networks||No|
|Price||£1292 to £1386 per user per year|
|Discount for educational organisations||No|
|Free trial available||No|
|Pricing document||View uploaded document|
|Skills Framework for the Information Age rate card||View uploaded document|
|Service definition document||View uploaded document|
|Terms and conditions document||View uploaded document|