Open Data management and dissemination system for Public Transport Real Time Journey Information for users, purchasers and providers of public transport
- Open Data API
- Open Data Publishing
- Contract management for supported and tendered services
- Historic route and vehicle performance reporting
- On and Off street information
- Real Time information to passengers via multiple methods
- Service Disruption Information
- Real time control systems for operators
- publishing of datasets
- import of data
- Provides information to allow passengers to make informed choices
- Allows integration of on street, on bus and digital information
- Influence travel behaviour and this encourage modal shift
- Service Disruption Management
- Publishing of information to customers
- Management of open data feeds
- Provides contract management reporting for supported and tendered public transport
- Provides reporting that improves the efficiency of public transport provision
£12000 per instance per year
R2P Systems UK Ltd
|Software add-on or extension||No|
|Cloud deployment model||Private cloud|
|System requirements||Browser based, works on any platform|
|Email or online ticketing support||Email or online ticketing|
|Support response times||Within 24 hours Monday - Friday.|
|User can manage status and priority of support tickets||Yes|
|Online ticketing support accessibility||None or don’t know|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||No|
|Onsite support||Yes, at extra cost|
working days by call,
24/7 by email
Standard support response times 8 Business Hours
Account Manager with monthly performance reporting.
|Support available to third parties||Yes|
Onboarding and offboarding
We will create a new instance of the system and can assist the buyer if required through the process of obtaining data feeds and configuring the system to use them.
Training can be provided by webcast or onsite if required.
If https or VPNs to secure the data connections are a requirement then Nimbus will set these up for the user.
|End-of-contract data extraction||Data is able to be exported in a range of data formats using the reporting tools by the buyer.|
|End-of-contract process||We will cease to accept incoming live data feeds and allow a period of time for the buyer to export their data.|
Using the service
|Web browser interface||Yes|
|Application to install||No|
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||
The public facing services are provided with fully responsive design.
Some management functionality is most effectively carried out using a desktop or laptop as the volume of information presented on a screen is significant.
|Accessibility standards||WCAG 2.0 A|
|Accessibility testing||Use of automated test tools|
|What users can and can't do using the API||
Allows access to the live processed data and to the historical data.
Initial system setup required desktop access.
Once configured all data can be imported or exported using the API
|API documentation formats||
|API sandbox or test environment||No|
|Description of customisation||
The data reporting tools allow custom reports and dashboards to be created by authorised users.
Support for customised format data feeds for incoming and outgoing date is possible by Nimbus engineers
|Independence of resources||Each customer instance operates within its own virtual machine and managed bandwidth.|
|Service usage metrics||Yes|
Typical metrics used are:
Volume of incoming data
Quality of incoming Data
Volume of data requests from API
Volume of Requests from website
|Supplier type||Not a reseller|
|Staff security clearance||Other security clearance|
|Government security clearance||Up to Baseline Personnel Security Standard (BPSS)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||United Kingdom|
|User control over data storage and processing locations||No|
|Datacentre security standards||Managed by a third party|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||In-house|
|Protecting data at rest||Physical access control, complying with another standard|
|Data sanitisation process||Yes|
|Data sanitisation type||Deleted data can’t be directly accessed|
|Equipment disposal approach||In-house destruction process|
Data importing and exporting
|Data export approach||The reporting tools enable the export of data is in a range of formats and criteria.|
|Data export formats||
|Other data export formats||JSON|
|Data import formats||
|Other data import formats||
|Data protection between buyer and supplier networks||
|Data protection within supplier network||
|Other protection within supplier network||Use of firewalls and layer 3 switched network communications with subnetting|
Availability and resilience
Faults shall be classified and addressed as:
Critical - Any fault affecting the provision of information to more than one feed (e.g. server fault, general communications fault) - within eight (8) hours. This will be defined as not being met where either: (i) Resolution takes longer than eight (8) hours, or (ii) Resolution takes less than eight (8) hours but the System becomes unavailable again within 1 working day from the time of resolution.
Important - Any faults affecting the provision of information to a single feed - within three (3) working days. This will be defined as not being met where either: (i) Resolution takes longer than three (3) working days, or (ii) Resolution takes less than three (3) working days but the System becomes unavailable again within one (1) working day from the time of resolution.
Standard offered SLA is 99% availability.
Refunds based on service credits against future month charges where Critical Faults not resolved in agreed times at rate of 3% per full day of service unavailable beyond SLA.
|Approach to resilience||Details available on request.|
IConnex has significant self monitoring capability
Visual and/or audio alerts are issued within iConnex for the attention of user at the same time as the calls are automatically raised within the Fault Management System and e-mail and or text notifications sent to pre-defined personnel.
This is augmented by technical support monitoring.
System includes a dashboard presenting the status of all incoming and outgoing data feeds.
Identity and authentication
|User authentication needed||Yes|
|User authentication||Username or password|
|Access restrictions in management interfaces and support channels||
Permissions are managed through groups.
Groups control what menu's and data is available to the user.
|Access restriction testing frequency||At least once a year|
|Management access authentication||Username or password|
Audit information for users
|Access to user activity audit information||Users have access to real-time audit information|
|How long user audit data is stored for||User-defined|
|Access to supplier activity audit information||Users have access to real-time audit information|
|How long supplier audit data is stored for||User-defined|
|How long system logs are stored for||User-defined|
Standards and certifications
|ISO/IEC 27001 certification||No|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||Yes|
|Any other security certifications||Cyber Essentials|
|Named board-level person responsible for service security||Yes|
|Security governance certified||Yes|
|Security governance standards||Other|
|Other security governance standards||Cyber Essentials|
|Information security policies and processes||
The Managing Director has overall responsibility for Information security and governance.
The General Manager has day to day oversight and is responsible for deliver of the information organisational policies. General Manager is a board member.
Included in induction process.
Awareness and update briefings held.
Regular testing of compliance and reviews of system configuration take place.
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||
Our configuration and change management forms part of our ISO9001 certification.
All elements of software and infrastructure are under configuration management. software is fully version controlled with ability for roll back.
Our Fault Management system is used to track all changes to implemented systems and manage the processes, customer access to the FMS allow for full visibility of a systems history.
Before sign off, all changes are reviewed for governance, security, operational and functionality.
|Vulnerability management type||Supplier-defined controls|
|Vulnerability management approach||
We undertake constant review of trade press and news statements for any threats to core IT systems, membership of transport trade groups for domain specific awareness. Security forms part of regular customer reviews to enable customer specific threats to be identified.
Security updates to operating system and related components including off the shelf software are configured to automatically install.
The information governance process includes risk assessment of security threats.
|Protective monitoring type||Supplier-defined controls|
|Protective monitoring approach||
Regular reviews of system usage incl user logins, system automatically reports above defined levels of increased system use.
Any potential or actual compromise becomes a critical incident with immediate response with customer and Director involvement. Critical incident management is available 24/7.
If feasible first response is to make system inaccessible, leaving it running for any forensic analysis that may be needed.
|Incident management type||Supplier-defined controls|
|Incident management approach||
The FMS provides a controlled framework for the identification, recording, progressing, closing and analysis of faults enabling rapid reporting of standard incident types.
Faults can be reported by telephone (via a dedicated Customer Support line which will be answered by Customer Support personnel and not an automated voice system), email or web interface.
The FMS allows the Service Manager or authorised personnel to view status of all tickets – open or closed – with the ability to drill down to details. Changes to ticket status will be notified by automated email.
|Approach to secure software development best practice||Supplier-defined process|
Public sector networks
|Connection to public sector networks||No|
|Price||£12000 per instance per year|
|Discount for educational organisations||No|
|Free trial available||No|
|Pricing document||View uploaded document|
|Skills Framework for the Information Age rate card||View uploaded document|
|Service definition document||View uploaded document|
|Terms and conditions document||View uploaded document|