ITO World

Public Transport Data Arrival Time Prediction Engine

World-class prediction engine enabling transport operators and authorities to deliver accurate arrival time information to passengers and improve patronage. This same prediction engine also provides global journey planners such as Google Maps with arrival time predictions. It is one module of the Ito Transit Hub.

Features

  • Ingests simple vehicle position (AVL) source data
  • Handles many different data input formats (e.g. SIRI-VM)
  • Transforms into journey prediction and stop arrival data stream
  • Data exported in industry-standard formats (e.g. SIRI-ET, GTFS-RT)
  • Uses sophisticated algorithms to deliver industry-leading accuracy
  • Handles challenges, e.g. driver behaviour, source data instability/outages
  • Use of advanced real-time metrics to optimise results
  • Architected to scale: from single operator to countrywide solution
  • Integrates with Ito Transit Model, Disruption handling and RT messaging

Benefits

  • Provide accurate real-time arrival time predictions to passengers
  • Provide accurate real-time at stop information across the whole journey
  • Build passenger confidence and increase patronage through accurate information
  • Provides better/ easier to use developer tools through TfL-style API
  • Can support accurate real-time journey planning through multi-modal routing API
  • Quick issue resolution through de-bugging/ root cause analysis tools
  • Mature solution used globally
  • Trusted advisor delivery model ensures focus on customer outcomes
  • Extend capability through integration with other Ito Transit Hub modules

Pricing

£50,000.00 to £5,000,000.00 a licence a year

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@itoworld.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

2 3 8 7 8 3 2 7 3 1 0 8 4 8 8

Contact

ITO World Ito World
Telephone: 01473272225
Email: sales@itoworld.com

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
Ito Transit Hub is a modular SaaS platform that helps operators and authorities manage and distribute passenger information, for shared transportation modes. The keystone is the Integrated Transit Model, into which other services integrate, including Prediction Engine, Reporting & Analytics, Developer & Routing APIs and Disruption Messaging.
Cloud deployment model
Public cloud
Service constraints
No
System requirements
  • EITHER: Ito Integrated Transit Model
  • OR: standard feed with schedules matched to real-time vehicle positions
  • Schedule data updated weekly to daily
  • Real-time updated as frequently as possible (minimum every 60 seconds)
  • Persistent identifiers applied across schedule and real-time data

User support

Email or online ticketing support
Email or online ticketing
Support response times
“Business Days” means a day other than Saturday or Sunday or public holidays in the UK.

“Service Hours” 9am to 5.30pm local UK time on Business Days.

Ito will acknowledge each request within one Business Day during Service Hours. Diagnosis and any identified resolution of these issues will be managed and responded to according to the Support Levels specified below.
User can manage status and priority of support tickets
No
Phone support
No
Web chat support
No
Onsite support
No
Support levels
Customer Support requests are categorised as follows:

Major Defects that are wholly and solely in the control of Ito and that result in the loss of the majority of the Managed Service;

Material Errors that have a degradation of the quality of the Managed Service and impacts the users’ experience such as incorrect presentation of data attributes, duplication of information or intermittent loss of service;

Minor Defects that have a lesser impact upon the Managed Service experienced by the end-user.

Ito will acknowledge each request within one Business Day. Diagnosis and any identified resolution of these issues will be managed as follows, as long as the defect is found to be within Ito’s Managed Service:

Major Defects will be resolved within 1 Business Day subject to the Customer providing all requested and reasonable assistance;

Material Defects will be resolved within 5 Business Days subject to the Customer providing all requested and reasonable assistance;

Minor Defects will be resolved within 15 Business Days subject to the Customer providing all requested and reasonable assistance.

The above is included in the price and includes access to technical and product support.

Bespoke support plans are available at an additional cost.
Support available to third parties
No

Onboarding and offboarding

Getting started
Ito World provides an initial Set up/Onboarding process for a Customer that is appropriate for the scale and complexity of the delivery as well as the Customer’s specific requirements. This can include a range of activities from onsite/ offsite training and paper-based user documentation through to online training and documentation. The initial Set up/Onboarding details are agreed between Ito World and the Customer at the start of the engagement.
Service documentation
Yes
Documentation formats
  • PDF
  • Other
Other documentation formats
Swagger API Specification
End-of-contract data extraction
This Service is a real-time transactional system, so no data is stored unless by separate arrangement. Therefore, there is no data to extract at the end of the contract.
End-of-contract process
There are no specific end of contract costs. At the end of the contract the service will be stopped and access to the client removed. General knowledge transfer is included throughout the contract.

Using the service

Web browser interface
No
Application to install
No
Designed for use on mobile devices
No
Service interface
No
API
Yes
What users can and can't do using the API
Access to the data within the service can be provided via an API.
API documentation
Yes
API documentation formats
  • Open API (also known as Swagger)
  • PDF
API sandbox or test environment
Yes
Customisation available
No

Scaling

Independence of resources
The Service is delivered using cloud-based technologies providing a scalable solution on a secure platform. Ito World use techniques including sharding, horizontal scaling and replication to ensure that service performance is always guaranteed.

Analytics

Service usage metrics
Yes
Metrics types
Depending on the type of installation, Ito can provide service usage statistics if provided as an open API
Reporting types
Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
No
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
Data sanitisation process
No
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
Users will normally interact with the service via an API. It is also possible to provide stream-based data feeds for some specific feed types (such as SIRI)
Data export formats
Other
Other data export formats
  • SIRI
  • JSON
  • Custom XML
  • GTFS-RT
Data import formats
Other
Other data import formats
  • SIRI
  • GTFS-RT
  • Any custom format

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Other
Other protection between networks
We would also use firewall rules to restrict access for any closed APIs
Data protection within supplier network
  • IPsec or TLS VPN gateway
  • Other
Other protection within supplier network
We would also firewall rules to restrict access between network nodes

Availability and resilience

Guaranteed availability
The Ito Transit Hub modules have been engineered to operate at scale. They are designed to run 24 hours per day and be available 365 days a year. They are hosted on dynamically scaling Amazon Web Services which provide an uptime of 99.99%. The technology platform has proven capability to handle GB data sets with daily processing and delivery. Ito’s processing systems support the allocation and trip prognosis of real-time data for bus fleets numbering in the tens of thousands, with minimal latency. This capability has been demonstrated across major cities and conurbations across the UK, North America, mainland Europe, Australia, and parts of Asia.
Approach to resilience
Ito Transit Hub Modules uses cloud-based technologies provided by Amazon Web Services (AWS).This allows the provision of a resilient, scalable solution built on secure platforms. AWS has certification for compliance with ISO 27001, 27017, and 27018 with the certifications performed by independent third-party auditors. More information on AWS ISO 27001 compliance can be found here https://aws.amazon.com/compliance/iso-27001-faqs/.
Outage reporting
Outage reports are provided both as an API and as email alerts. We can also provide app based notifications and a public dashboard if required.

Identity and authentication

User authentication needed
Yes
User authentication
Other
Other user authentication
Access to the service is via an API. For open APIs available publicly we use API access keys to control access to the system. For closed APIs available only to the client we use network based security measures (firewall rules etc.)
Access restrictions in management interfaces and support channels
This is not applicable for this service
Access restriction testing frequency
At least once a year
Management access authentication
2-factor authentication

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
You control when users can access audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
Yes
Any other security certifications
Cyber Essentials Plus certification (in progress)

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
No
Security governance approach
Ito World takes a security-first approach to systems operations. For example:

- Least user privilege is standard practice on all of Ito’s production systems.

- Staff who require elevated privileges require authorisation from a senior member of staff before any access is granted.

- Security in AWS is managed through IAM users and groups.

- Different groups will be created dependent on job role with restrictions to production systems and log files applied for non-administrative users.
Information security policies and processes
Ito’s Information / Data Security Policy is communicated to all new (permanent & contracting) staff during their induction and throughout their onboarding.

All staff must read the Policy, understand their obligations and confirm this with a read-receipt notification using Ito’s HR Information System. Compliance with this policy is a condition of employment by Ito.

Staff are regularly reminded of their obligations, and their importance, during Ito’s “all hands meetings” which occur every three months.

Ito’s senior managers have clear roles and responsibility for compliance:

● COO - performs the role of Data Protection Officer
● Operations Director & IT Manager - ensure compliance across all systems, services, software and third party / cloud-based data processors.

Our security policy, standards and procedures are reviewed annually to ensure compliance with the latest standards, legislation or best practice. Policies and procedures are updated promptly following the introduction of any new legislation.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
1. Following the principles of "least user privilege", only privileges explicitly required for a particular use case are given to each role and responsibility.

2. We regularly patch all software components used in provision of services to ensure everything is up to date and any vulnerabilities are fixed.

3. All systems are documented at a technical level to ensure Ito’s administrators have all the information required to manage services securely.

4. All configuration is stored in a version control system in order to track any changes to service configuration.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Ito routinely checks its servers and services against publicised threats, as they're announced. Our managed services are based on AWS infrastructure. This is regularly tested by AWS and patched against the latest vulnerabilities.

Because our platform is provisioned from the ground up using automation tools, we can quickly create new VMs to replace existing ones using base images that have the latest system and vulnerability patches applied.

These new images are tested in our development environment, then rolled out to the live system once the platform is OK.

We receive early warning information from CISP alerts (NCSC).
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Ito uses various monitoring and alerting systems to assess services and alert team members to unusual activity. Our monitoring systems include Cloudwatch, Nagios and OpsGenie, and these systems will be monitored in line with the agreed SLA.

Ito will agree suitable communication procedures and escalations paths as part of this service.

Ito will use a ticketing system to provide support for this service. All faults/incidents will be logged within the ticketing system.
Incident management type
Supplier-defined controls
Incident management approach
Ito World’s infrastructure is designed to be resistant to disruption by design. Infrastructure is hosted on AWS, ensuring local issues affecting Ito World’s premises (power outages, flooding, fire or connectivity) cannot impact production services.

Risks identified during provisioning or review of Ito World services are assessed and addressed by the infrastructure team, or in the case of AWS-specific services, solutions are deployed in partnership with AWS.

Users report incidents primarily via email, with alert-triggering emergency email addresses for critical systems (within SLA guidelines).

Reported incidents will be followed up by the Ito World team via email in a timely manner.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
No

Pricing

Price
£50,000.00 to £5,000,000.00 a licence a year
Discount for educational organisations
No
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@itoworld.com. Tell them what format you need. It will help if you say what assistive technology you use.