ITO World

Public Transport Data Arrival Time Prediction Engine

World-class prediction engine enabling transport operators and authorities to deliver accurate arrival time information to passengers and improve patronage. This same prediction engine also provides global journey planners such as Google Maps with arrival time predictions. It is one module of the Ito Transit Hub.


  • Ingests simple vehicle position (AVL) source data
  • Handles many different data input formats (e.g. SIRI-VM)
  • Transforms into journey prediction and stop arrival data stream
  • Data exported in industry-standard formats (e.g. SIRI-ET, GTFS-RT)
  • Uses sophisticated algorithms to deliver industry-leading accuracy
  • Handles challenges, e.g. driver behaviour, source data instability/outages
  • Use of advanced real-time metrics to optimise results
  • Architected to scale: from single operator to countrywide solution
  • Integrates with Ito Transit Model, Disruption handling and RT messaging


  • Provide accurate real-time arrival time predictions to passengers
  • Provide accurate real-time at stop information across the whole journey
  • Build passenger confidence and increase patronage through accurate information
  • Provides better/ easier to use developer tools through TfL-style API
  • Can support accurate real-time journey planning through multi-modal routing API
  • Quick issue resolution through de-bugging/ root cause analysis tools
  • Mature solution used globally
  • Trusted advisor delivery model ensures focus on customer outcomes
  • Extend capability through integration with other Ito Transit Hub modules


£50,000.00 to £5,000,000.00 a licence a year

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 12

Service ID

2 3 8 7 8 3 2 7 3 1 0 8 4 8 8


ITO World Ito World
Telephone: 01473272225

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
Ito Transit Hub is a modular SaaS platform that helps operators and authorities manage and distribute passenger information, for shared transportation modes. The keystone is the Integrated Transit Model, into which other services integrate, including Prediction Engine, Reporting & Analytics, Developer & Routing APIs and Disruption Messaging.
Cloud deployment model
Public cloud
Service constraints
System requirements
  • EITHER: Ito Integrated Transit Model
  • OR: standard feed with schedules matched to real-time vehicle positions
  • Schedule data updated weekly to daily
  • Real-time updated as frequently as possible (minimum every 60 seconds)
  • Persistent identifiers applied across schedule and real-time data

User support

Email or online ticketing support
Email or online ticketing
Support response times
“Business Days” means a day other than Saturday or Sunday or public holidays in the UK.

“Service Hours” 9am to 5.30pm local UK time on Business Days.

Ito will acknowledge each request within one Business Day during Service Hours. Diagnosis and any identified resolution of these issues will be managed and responded to according to the Support Levels specified below.
User can manage status and priority of support tickets
Phone support
Web chat support
Onsite support
Support levels
Customer Support requests are categorised as follows:

Major Defects that are wholly and solely in the control of Ito and that result in the loss of the majority of the Managed Service;

Material Errors that have a degradation of the quality of the Managed Service and impacts the users’ experience such as incorrect presentation of data attributes, duplication of information or intermittent loss of service;

Minor Defects that have a lesser impact upon the Managed Service experienced by the end-user.

Ito will acknowledge each request within one Business Day. Diagnosis and any identified resolution of these issues will be managed as follows, as long as the defect is found to be within Ito’s Managed Service:

Major Defects will be resolved within 1 Business Day subject to the Customer providing all requested and reasonable assistance;

Material Defects will be resolved within 5 Business Days subject to the Customer providing all requested and reasonable assistance;

Minor Defects will be resolved within 15 Business Days subject to the Customer providing all requested and reasonable assistance.

The above is included in the price and includes access to technical and product support.

Bespoke support plans are available at an additional cost.
Support available to third parties

Onboarding and offboarding

Getting started
Ito World provides an initial Set up/Onboarding process for a Customer that is appropriate for the scale and complexity of the delivery as well as the Customer’s specific requirements. This can include a range of activities from onsite/ offsite training and paper-based user documentation through to online training and documentation. The initial Set up/Onboarding details are agreed between Ito World and the Customer at the start of the engagement.
Service documentation
Documentation formats
  • PDF
  • Other
Other documentation formats
Swagger API Specification
End-of-contract data extraction
This Service is a real-time transactional system, so no data is stored unless by separate arrangement. Therefore, there is no data to extract at the end of the contract.
End-of-contract process
There are no specific end of contract costs. At the end of the contract the service will be stopped and access to the client removed. General knowledge transfer is included throughout the contract.

Using the service

Web browser interface
Application to install
Designed for use on mobile devices
Service interface
What users can and can't do using the API
Access to the data within the service can be provided via an API.
API documentation
API documentation formats
  • Open API (also known as Swagger)
  • PDF
API sandbox or test environment
Customisation available


Independence of resources
The Service is delivered using cloud-based technologies providing a scalable solution on a secure platform. Ito World use techniques including sharding, horizontal scaling and replication to ensure that service performance is always guaranteed.


Service usage metrics
Metrics types
Depending on the type of installation, Ito can provide service usage statistics if provided as an open API
Reporting types
Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
Data sanitisation process
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
Users will normally interact with the service via an API. It is also possible to provide stream-based data feeds for some specific feed types (such as SIRI)
Data export formats
Other data export formats
  • SIRI
  • JSON
  • Custom XML
Data import formats
Other data import formats
  • SIRI
  • Any custom format

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Other
Other protection between networks
We would also use firewall rules to restrict access for any closed APIs
Data protection within supplier network
  • IPsec or TLS VPN gateway
  • Other
Other protection within supplier network
We would also firewall rules to restrict access between network nodes

Availability and resilience

Guaranteed availability
The Ito Transit Hub modules have been engineered to operate at scale. They are designed to run 24 hours per day and be available 365 days a year. They are hosted on dynamically scaling Amazon Web Services which provide an uptime of 99.99%. The technology platform has proven capability to handle GB data sets with daily processing and delivery. Ito’s processing systems support the allocation and trip prognosis of real-time data for bus fleets numbering in the tens of thousands, with minimal latency. This capability has been demonstrated across major cities and conurbations across the UK, North America, mainland Europe, Australia, and parts of Asia.
Approach to resilience
Ito Transit Hub Modules uses cloud-based technologies provided by Amazon Web Services (AWS).This allows the provision of a resilient, scalable solution built on secure platforms. AWS has certification for compliance with ISO 27001, 27017, and 27018 with the certifications performed by independent third-party auditors. More information on AWS ISO 27001 compliance can be found here
Outage reporting
Outage reports are provided both as an API and as email alerts. We can also provide app based notifications and a public dashboard if required.

Identity and authentication

User authentication needed
User authentication
Other user authentication
Access to the service is via an API. For open APIs available publicly we use API access keys to control access to the system. For closed APIs available only to the client we use network based security measures (firewall rules etc.)
Access restrictions in management interfaces and support channels
This is not applicable for this service
Access restriction testing frequency
At least once a year
Management access authentication
2-factor authentication

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
You control when users can access audit information
How long supplier audit data is stored for
How long system logs are stored for

Standards and certifications

ISO/IEC 27001 certification
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications
Any other security certifications
Cyber Essentials Plus certification (in progress)

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance approach
Ito World takes a security-first approach to systems operations. For example:

- Least user privilege is standard practice on all of Ito’s production systems.

- Staff who require elevated privileges require authorisation from a senior member of staff before any access is granted.

- Security in AWS is managed through IAM users and groups.

- Different groups will be created dependent on job role with restrictions to production systems and log files applied for non-administrative users.
Information security policies and processes
Ito’s Information / Data Security Policy is communicated to all new (permanent & contracting) staff during their induction and throughout their onboarding.

All staff must read the Policy, understand their obligations and confirm this with a read-receipt notification using Ito’s HR Information System. Compliance with this policy is a condition of employment by Ito.

Staff are regularly reminded of their obligations, and their importance, during Ito’s “all hands meetings” which occur every three months.

Ito’s senior managers have clear roles and responsibility for compliance:

● COO - performs the role of Data Protection Officer
● Operations Director & IT Manager - ensure compliance across all systems, services, software and third party / cloud-based data processors.

Our security policy, standards and procedures are reviewed annually to ensure compliance with the latest standards, legislation or best practice. Policies and procedures are updated promptly following the introduction of any new legislation.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
1. Following the principles of "least user privilege", only privileges explicitly required for a particular use case are given to each role and responsibility.

2. We regularly patch all software components used in provision of services to ensure everything is up to date and any vulnerabilities are fixed.

3. All systems are documented at a technical level to ensure Ito’s administrators have all the information required to manage services securely.

4. All configuration is stored in a version control system in order to track any changes to service configuration.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Ito routinely checks its servers and services against publicised threats, as they're announced. Our managed services are based on AWS infrastructure. This is regularly tested by AWS and patched against the latest vulnerabilities.

Because our platform is provisioned from the ground up using automation tools, we can quickly create new VMs to replace existing ones using base images that have the latest system and vulnerability patches applied.

These new images are tested in our development environment, then rolled out to the live system once the platform is OK.

We receive early warning information from CISP alerts (NCSC).
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Ito uses various monitoring and alerting systems to assess services and alert team members to unusual activity. Our monitoring systems include Cloudwatch, Nagios and OpsGenie, and these systems will be monitored in line with the agreed SLA.

Ito will agree suitable communication procedures and escalations paths as part of this service.

Ito will use a ticketing system to provide support for this service. All faults/incidents will be logged within the ticketing system.
Incident management type
Supplier-defined controls
Incident management approach
Ito World’s infrastructure is designed to be resistant to disruption by design. Infrastructure is hosted on AWS, ensuring local issues affecting Ito World’s premises (power outages, flooding, fire or connectivity) cannot impact production services.

Risks identified during provisioning or review of Ito World services are assessed and addressed by the infrastructure team, or in the case of AWS-specific services, solutions are deployed in partnership with AWS.

Users report incidents primarily via email, with alert-triggering emergency email addresses for critical systems (within SLA guidelines).

Reported incidents will be followed up by the Ito World team via email in a timely manner.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks


£50,000.00 to £5,000,000.00 a licence a year
Discount for educational organisations
Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.