Airbus Defence and Space Limited

Airbus Information on Demand Services: WMS / WMTS / WFS / APIs

Efficiently and securely stream geospatial data to your end user communities 24 hours a day, 365 days a year.

Our OGC and INSPIRE compliant WMS, WMTS and WFS services and APIs enable you to stream large data volumes, including APGB and PSMA data, served from a secure, high-availability hosting platform.


  • High volume service capability to enable your service to grow
  • High service availability
  • All services operated 24 hours a day/365 days a year
  • Stream your datasets and third party datasets, with federated options
  • INSPIRE compliant services including all ‘optional’ features
  • Data management including Change Only Updates
  • Reporting analytics on your service’s usage information and management
  • The Airbus hosting infrastructure is independently certified to ISO® 27001:2013
  • Various service support level options to suit your requirements
  • Flexibility to enhance your service, including 24x7 technical support


  • Flexibility to scale your service to your needs
  • Meet your INSPIRE requirements for data streaming services
  • Control of where your data is hosted, including public cloud
  • Harvesting, hosting and managing data types, including ‘Change Only’ Updates
  • Full audit trail and management statistics for accountability


£115.50 per unit per month

  • Free trial available

Service documents


G-Cloud 11

Service ID

3 6 1 7 3 4 2 7 8 3 2 4 7 5 2


Airbus Defence and Space Limited

Airbus Customer Service Operation Centre

+44 (0) 1633715000

Service scope

Software add-on or extension
Cloud deployment model
Hybrid cloud
Service constraints
No, there are no constraints. A notification is provided if there is planned maintenance scheduled with 5 days advance notice.
System requirements
Requires a OGC client to access OGC services

User support

Email or online ticketing support
Email or online ticketing
Support response times
Response times are based on severity and are determined by your requirements as defined in the Service Level Agreement during contractual discussions. We recognise the unique needs of each individual customer and strive to accommodate, where possible, all of your requirements in relation to answering your support questions and resolving with the tickets you raise. This could include weekend support or 24/7 support if required. Our standard response time is 4 hours.
User can manage status and priority of support tickets
Online ticketing support accessibility
None or don’t know
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Onsite support
Yes, at extra cost
Support levels
We offer as standard phone and email support through the Airbus Service Desk between 09:00-17:00 Monday to Friday (excluding English public holidays) with additional access to 24x7 support ticket logging via an on-line portal. The on-line portal allows customers to log new calls, view current and closed support calls, and view knowledge articles and FAQs created as part of the Knowledge Management process.

The Service Desk provides a constant first point of contact for all support queries and is resourced using dedicated support staff with the ability to maintain and support service operations on an extended hours or 24x7 basis, if required. Airbus also maintains a dedicated Customer Services Team for customer support, incident reporting and service related issues in relation to Airbus services.

A submitted issue or a query can be allocated a priority with different levels of response, our standard response time is 4 hours.

We strive to accommodate all of your requirements in relation to support levels and prices can be tailored to meet your individual needs, with technical support based on the SFIA Rate Card.

Airbus will provide an Account Manager for both managing the relationship with the customer and as a means of escalation.
Support available to third parties

Onboarding and offboarding

Getting started
Designed to be intuitive with on-site training, user documentation, customised training, FAQs and help documentation.
Service documentation
Documentation formats
  • HTML
  • ODF
  • PDF
End-of-contract data extraction
Upon conclusion of the service, the following will occur:
• Arrangements are made with the customer to transfer back the latest versions of all data content if required.
• The data will be transferred using an agreed delivery mechanism based on customer requirements.
• All user accounts and data owned by the customer will be deleted.
• Data logs related to usage of the service during the contracted period will also be returned to the customer if required, together with agreed relevant audit trail information.
End-of-contract process
Prior to contract expiry we will discuss with the customer their future requirements. If this is to extend the contract term we will support the customer during their procurement process. If the requirement is to cease, or transition the service we will fulfill our obligations as described within the contract. This could include, but is not limited to, removal of all live data and the storage of archived data for a pre-defined period. All end-of-contract support will be discussed during contract negotiations

Using the service

Web browser interface
Application to install
Designed for use on mobile devices
Service interface
What users can and can't do using the API
Users may be able to access the API via a URL with a set of defined parameters. A JSON response will be returned with the search terms supplied for reference and diagnostics. When not supplied, search term elements will be omitted from the JSON response.
API documentation
API documentation formats
API sandbox or test environment
Customisation available


Independence of resources
Performance is ensured through the use of load balancer technology, duplication of server resources in server farms, provision of substantial internet bandwidth and continuous service monitoring.


Service usage metrics
Metrics types
All incoming/outgoing traffic is logged so the service can report many metrics including number of requests, number of requests by type, number and identity (username) of users/companies making the requests, daily/weekly/monthly/annual usage, datasets being requested, orders placed, spatial location and extents of requests and so on.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Supplier-defined controls
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
View and download data through OGC services
Data export formats
Other data export formats
  • JPEG
  • TIFF
  • PNG
  • GML
  • HTML
  • XML
  • ASCII text file
  • JSON
Data import formats
Other data import formats
  • JPEG
  • TIFF
  • PNG
  • GML
  • HTML
  • XML
  • ASCII text file
  • GDB

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
Legacy SSL and TLS (under version 1.2)

Availability and resilience

Guaranteed availability
Our standard service availability is 99%. Enhanced service availability can also be provided to meet your requirements.
Service credits are not offered as standard for our services, but if they are required, Airbus would be happy to discuss this on a case by case basis.
Approach to resilience
Resilience is ensured through the use of load balancer technology, duplication of server resources, redundant internet connectivity, power protection (UPS) and managed RAID storage.
Outage reporting
All affected customers are notified via an email alert. Additional options include notifications through a news feed and RSS feed on the service home page, when purchased with the service.

Identity and authentication

User authentication needed
User authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Username or password
Access restrictions in management interfaces and support channels
Full user authentication if required and managed firewalls
Access restriction testing frequency
At least every 6 months
Management access authentication
Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
Access to supplier activity audit information
Users receive audit information on a regular basis
How long supplier audit data is stored for
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
ISO/IEC 27001 accreditation date
What the ISO/IEC 27001 doesn’t cover
This service is managed by the Airbus Defence and Space Intelligence (UK) Programme Line. This certification information is for Airbus Defence and Space Intelligence (UK) with offices in Guildford, Leicester, Newcastle and Newport. Any services outside of Intelligence (UK) are not covered by this certification.
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications
Any other security certifications
Cyber Essentials Plus

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards
Cyber Essentials Plus
Information security policies and processes
Airbus is committed to providing good security practices, our IT infrastructure and access controls were put together following the guidelines and good practice of ISO 27002:2013, Code of Practice for Information Security Management and is compliant with the requirements of ISO 27001:2013. The Information Security Management System (ISMS) covers interlinked processes controlled by an IS Policy, covering:

* Physical and Environmental security on access control to buildings and restricted areas,
* Communications and operations of computer systems and network facilities,
* Preservation of data,
* Asset management with levels of protection,
* Information Security Incident management and reporting
* Compliance to data and information regulations
* Electronic Commerce Services
* Personnel Security Responsibilities and Information Security training
* Information System Acquisition and Development
* Business Continuity and Disaster Recovery Plan

The ISMS is the responsibility of the Deputy Managing Director in close liaison with the Security Council made up of IT personnel, Security, Facilities and Quality Assurance Managers. The objective being to maintain, develop and keep secure the information Assets in accordance with Security Policy requirements and the needs of the business and Customers. This includes availability, capacity, business continuity and security monitoring and policy.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Airbus’s well-defined process evaluates changes in order to prevent unintended incidents affecting the quality and security of our services. One key element is the consideration of security implications whereby we follow standard methods and procedures to assess and resolve any risks. The Change Management process is regularly audited internally against ISO9001 and ISO27001 to ensure it continually meets these standards. Airbus’s Configuration Management Plan identifies responsibilities and procedures, as well as technical baselines and configuration data that are to be established and maintained. The Release/Configuration Manager records what is deployed and where, and manages the versioning of all Configuration Items.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Airbus has a vulnerability management framework that will be customised for G Cloud requirements. Regular patching forms part of the overall process, information / alerts on potential threats will be provided by the relevant software vendors RedHat, Microsoft, GovCERT etc. On identification of a potential technical vulnerability, a vulnerability risk assessment is to be carried out to determine which systems are affected, the likely impact upon each and the actions or controls that are available to mitigate the associated risks. Addressing of any potential technical vulnerability is to be proportionate and timely.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Airbus will work with the customer to establish protective monitoring controls relevant to the service or solution provided. An industry standard security information and event management package will deployed to gather and analyse the collected log/event information against the protective monitoring controls. Altering or reporting of any incidents detected will also be defined and agreed with the customer.
Ensuring the correct protective monitoring controls are defined and managed over time is key to the operation of the protective monitoring system.
Incident management type
Supplier-defined controls
Incident management approach
All Security incidents are promptly reported via the BMS incident tool. The Security Council with the appropriate service team:

• initiate collection of evidence
• investigate incident;
• ensure that incident is clearly identified;
• document incident and its handling/resolution
• implement necessary immediate corrective action
• escalate within the company or to a corporate level as appropriate;
• escalate to customers or clients as appropriate;
• identify any preventive measures to be considered;
• make sure incident is reported at next meeting of the Security Council.
• inform those involved with the incident of the outcome of the investigation

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks


£115.50 per unit per month
Discount for educational organisations
Free trial available
Description of free trial
If you would like to carry out a trial of our service, please contact us to discuss your individual requirements.

Service documents

Return to top ↑