Airbus Defence and Space Limited

Airbus Information on Demand Services: WMS / WMTS / WFS / APIs

Efficiently and securely stream geospatial data to your end user communities 24 hours a day, 365 days a year.

Our OGC and INSPIRE compliant WMS, WMTS and WFS services and APIs enable you to stream large data volumes, including APGB and PSMA data, served from a secure, high-availability hosting platform.


  • High volume service capability to enable your service to grow
  • High service availability
  • All services operated 24 hours a day/365 days a year
  • Stream your datasets and third party datasets, with federated options
  • INSPIRE compliant services including all ‘optional’ features
  • Data management including Change Only Updates
  • Reporting analytics on your service’s usage information and management
  • The Airbus hosting infrastructure is independently certified to ISO® 27001:2013
  • Various service support level options to suit your requirements
  • Flexibility to enhance your service, including 24x7 technical support


  • Flexibility to scale your service to your needs
  • Meet your INSPIRE requirements for data streaming services
  • Control of where your data is hosted, including public cloud
  • Harvesting, hosting and managing data types, including ‘Change Only’ Updates
  • Full audit trail and management statistics for accountability


£115.50 per unit per month

  • Free trial available

Service documents

G-Cloud 11


Airbus Defence and Space Limited

Airbus Customer Service Operation Centre

+44 (0) 1633715000

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Hybrid cloud
Service constraints No, there are no constraints. A notification is provided if there is planned maintenance scheduled with 5 days advance notice.
System requirements Requires a OGC client to access OGC services

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Response times are based on severity and are determined by your requirements as defined in the Service Level Agreement during contractual discussions. We recognise the unique needs of each individual customer and strive to accommodate, where possible, all of your requirements in relation to answering your support questions and resolving with the tickets you raise. This could include weekend support or 24/7 support if required. Our standard response time is 4 hours.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels We offer as standard phone and email support through the Airbus Service Desk between 09:00-17:00 Monday to Friday (excluding English public holidays) with additional access to 24x7 support ticket logging via an on-line portal. The on-line portal allows customers to log new calls, view current and closed support calls, and view knowledge articles and FAQs created as part of the Knowledge Management process.

The Service Desk provides a constant first point of contact for all support queries and is resourced using dedicated support staff with the ability to maintain and support service operations on an extended hours or 24x7 basis, if required. Airbus also maintains a dedicated Customer Services Team for customer support, incident reporting and service related issues in relation to Airbus services.

A submitted issue or a query can be allocated a priority with different levels of response, our standard response time is 4 hours.

We strive to accommodate all of your requirements in relation to support levels and prices can be tailored to meet your individual needs, with technical support based on the SFIA Rate Card.

Airbus will provide an Account Manager for both managing the relationship with the customer and as a means of escalation.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Designed to be intuitive with on-site training, user documentation, customised training, FAQs and help documentation.
Service documentation Yes
Documentation formats
  • HTML
  • ODF
  • PDF
End-of-contract data extraction Upon conclusion of the service, the following will occur:
• Arrangements are made with the customer to transfer back the latest versions of all data content if required.
• The data will be transferred using an agreed delivery mechanism based on customer requirements.
• All user accounts and data owned by the customer will be deleted.
• Data logs related to usage of the service during the contracted period will also be returned to the customer if required, together with agreed relevant audit trail information.
End-of-contract process Prior to contract expiry we will discuss with the customer their future requirements. If this is to extend the contract term we will support the customer during their procurement process. If the requirement is to cease, or transition the service we will fulfill our obligations as described within the contract. This could include, but is not limited to, removal of all live data and the storage of archived data for a pre-defined period. All end-of-contract support will be discussed during contract negotiations

Using the service

Using the service
Web browser interface No
Application to install No
Designed for use on mobile devices No
Service interface No
What users can and can't do using the API Users may be able to access the API via a URL with a set of defined parameters. A JSON response will be returned with the search terms supplied for reference and diagnostics. When not supplied, search term elements will be omitted from the JSON response.
API documentation Yes
API documentation formats PDF
API sandbox or test environment No
Customisation available No


Independence of resources Performance is ensured through the use of load balancer technology, duplication of server resources in server farms, provision of substantial internet bandwidth and continuous service monitoring.


Service usage metrics Yes
Metrics types All incoming/outgoing traffic is logged so the service can report many metrics including number of requests, number of requests by type, number and identity (username) of users/companies making the requests, daily/weekly/monthly/annual usage, datasets being requested, orders placed, spatial location and extents of requests and so on.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations Yes
Datacentre security standards Supplier-defined controls
Penetration testing frequency At least once a year
Penetration testing approach ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process No
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach View and download data through OGC services
Data export formats Other
Other data export formats
  • JPEG
  • TIFF
  • PNG
  • GML
  • HTML
  • XML
  • ASCII text file
  • JSON
Data import formats Other
Other data import formats
  • JPEG
  • TIFF
  • PNG
  • GML
  • HTML
  • XML
  • ASCII text file
  • GDB

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network Legacy SSL and TLS (under version 1.2)

Availability and resilience

Availability and resilience
Guaranteed availability Our standard service availability is 99%. Enhanced service availability can also be provided to meet your requirements.
Service credits are not offered as standard for our services, but if they are required, Airbus would be happy to discuss this on a case by case basis.
Approach to resilience Resilience is ensured through the use of load balancer technology, duplication of server resources, redundant internet connectivity, power protection (UPS) and managed RAID storage.
Outage reporting All affected customers are notified via an email alert. Additional options include notifications through a news feed and RSS feed on the service home page, when purchased with the service.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Username or password
Access restrictions in management interfaces and support channels Full user authentication if required and managed firewalls
Access restriction testing frequency At least every 6 months
Management access authentication Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users receive audit information on a regular basis
How long supplier audit data is stored for User-defined
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 BSI
ISO/IEC 27001 accreditation date 23/04/2018
What the ISO/IEC 27001 doesn’t cover This service is managed by the Airbus Defence and Space Intelligence (UK) Programme Line. This certification information is for Airbus Defence and Space Intelligence (UK) with offices in Guildford, Leicester, Newcastle and Newport. Any services outside of Intelligence (UK) are not covered by this certification.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications Cyber Essentials Plus

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards Cyber Essentials Plus
Information security policies and processes Airbus is committed to providing good security practices, our IT infrastructure and access controls were put together following the guidelines and good practice of ISO 27002:2013, Code of Practice for Information Security Management and is compliant with the requirements of ISO 27001:2013. The Information Security Management System (ISMS) covers interlinked processes controlled by an IS Policy, covering:

* Physical and Environmental security on access control to buildings and restricted areas,
* Communications and operations of computer systems and network facilities,
* Preservation of data,
* Asset management with levels of protection,
* Information Security Incident management and reporting
* Compliance to data and information regulations
* Electronic Commerce Services
* Personnel Security Responsibilities and Information Security training
* Information System Acquisition and Development
* Business Continuity and Disaster Recovery Plan

The ISMS is the responsibility of the Deputy Managing Director in close liaison with the Security Council made up of IT personnel, Security, Facilities and Quality Assurance Managers. The objective being to maintain, develop and keep secure the information Assets in accordance with Security Policy requirements and the needs of the business and Customers. This includes availability, capacity, business continuity and security monitoring and policy.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Airbus’s well-defined process evaluates changes in order to prevent unintended incidents affecting the quality and security of our services. One key element is the consideration of security implications whereby we follow standard methods and procedures to assess and resolve any risks. The Change Management process is regularly audited internally against ISO9001 and ISO27001 to ensure it continually meets these standards. Airbus’s Configuration Management Plan identifies responsibilities and procedures, as well as technical baselines and configuration data that are to be established and maintained. The Release/Configuration Manager records what is deployed and where, and manages the versioning of all Configuration Items.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Airbus has a vulnerability management framework that will be customised for G Cloud requirements. Regular patching forms part of the overall process, information / alerts on potential threats will be provided by the relevant software vendors RedHat, Microsoft, GovCERT etc. On identification of a potential technical vulnerability, a vulnerability risk assessment is to be carried out to determine which systems are affected, the likely impact upon each and the actions or controls that are available to mitigate the associated risks. Addressing of any potential technical vulnerability is to be proportionate and timely.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Airbus will work with the customer to establish protective monitoring controls relevant to the service or solution provided. An industry standard security information and event management package will deployed to gather and analyse the collected log/event information against the protective monitoring controls. Altering or reporting of any incidents detected will also be defined and agreed with the customer.
Ensuring the correct protective monitoring controls are defined and managed over time is key to the operation of the protective monitoring system.
Incident management type Supplier-defined controls
Incident management approach All Security incidents are promptly reported via the BMS incident tool. The Security Council with the appropriate service team:

• initiate collection of evidence
• investigate incident;
• ensure that incident is clearly identified;
• document incident and its handling/resolution
• implement necessary immediate corrective action
• escalate within the company or to a corporate level as appropriate;
• escalate to customers or clients as appropriate;
• identify any preventive measures to be considered;
• make sure incident is reported at next meeting of the Security Council.
• inform those involved with the incident of the outcome of the investigation

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks No


Price £115.50 per unit per month
Discount for educational organisations No
Free trial available Yes
Description of free trial If you would like to carry out a trial of our service, please contact us to discuss your individual requirements.

Service documents

pdf document: Pricing document pdf document: Skills Framework for the Information Age rate card pdf document: Service definition document pdf document: Terms and conditions pdf document: Modern Slavery statement
Service documents
Return to top ↑