W.D.M.Limited

WDM Integrated Asset Management System (WDM IAMS)

WDM IAMS is a comprehensive Highways and Environmental Asset Management System that incorporates 30 years of experience of working in partnership with central and local government clients. The fully integrated mapping and mobile working tools make it a perfect and fully integrated solution for a modern Asset Management System.

Features

• Fully integrated mapping tools
• Fully configurable asset definitions
• Works ordering and flexible work flows & financial/contract management
• Management of scheduled and reactive maintenance programmes
• Mobile Working (on-line and off-line features)
• Public facing map based enquiry reporting and enquiry management
• Flexible Document Management capability
• Street Works Noticing/Permitting & NSG Maintenance functions
• Comprehensive reporting, dashboard and query facilities
• Interfacing capability to external corporate systems

Benefits

• Fully integrated and centred around flexible network referencing system
• Highly configurable-options to adapt workflow and logic from standard build
• User Groups and highway authority partnerships influence system development
• Core system includes integrated mapping and reporting tools
• Combinations of modules/functions can be added to the core system
• Modules include: Street Works, Public enquiries, Lighting, RMMS, Structures
• Modules Include: UKPMS, WDM PMS, NSG management, Financial/Contract Management, Accidents
• 12 other modules/functions available and priced in the Pricing Document
• Mobile working supports multiple operations (inspection, defect repair, asset editing)
• Comprehensive document management/reporting tools relevant to each function

£200 to £400 a user a year

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Framework

G-Cloud 12

Service ID

368071192523707

Contact

Graeme Paterson
07866463992
graemep@wdm.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: Updates and patching will be scheduled as required to ensure the system remains secure and reliable. This will generally be in out-of-hours periods. However, notice will be given where any planned maintenance may be necessary within the period from 8am to 6pm.
• System requirements:
  • Up to date Web Browser (supported versions supplied)
  • Valid email address for named users
  • Web Browser based Mobile Working (operates both offline and online)
  • All software, system and security is managed within hosted environment

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Support provided between the hours of 08:00-18:00 Monday to Friday (excluding Bank Holidays). Emails populate the support ticketing system with telephone support backup for the purposes of assisting the Client with the proper use of the Software or the Service and/or determining the cause of any errors and using reasonable endeavours to fix errors in the Software or the Service. ; ; Support system is monitored during these hours by 1st line support team and prioritisation is assessed for urgency. Auto-emailed responses as enquiry progresses to completion.; ; Priority 1: 4 working hours; Priority 2: 1 working day; Priority 3: agreed with client
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: There is one level of support: Help-desk and secure support site are the primary vehicles to manage that. An Account Manager will be assigned to each client and they will manage if any additional prioritisation is required, if any requests are change/control requests and whether charges are required and also any escalation that may be required.; ; There is availability for providing dedicated support resources through the service and prices are provided via the G-Cloud12 Rate Card pricing document.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Onboarding is achieved via a Requirements Capture Process. This is undertaken with the client on-site to: demonstrate the standard build of the system, determine any configuration requirements outside of the standard build and agree data migration, training requirements and procedures for User Acceptance Testing and Go-live. This process is led by the WDM Account Manager assigned to the project and they will project manage the delivery. The Account Manager will work with the Build Team assigned to the project to deliver the service and to liaise with the client's Project Team regarding progress and milestones.; ; Following Go-live, the day to day support will be passed to the Support Teams but the Account Manager will generally retain overall control of the project to retain continuity. ; ; Training resources will be provided - More recently, this takes the form of training videos that are deployed via the software management console and this seems to work very well.; ; All charges associated with migration, configuration from the standard build and implementation will be agreed with client in advance.
• Service documentation: Yes
• Documentation formats: Other
• Other documentation formats:
  • Training Videos (mpeg4) deployed directly from the Software
  • Some documentation not appropriate for Video will still be PDF
• End-of-contract data extraction: Client Admins can have any table or view of the data published with the ad-hoc query tool which in turn supports download in a number of formats (CSV, XML, Shape Files, Mapinfo, KML - the last three obviously only for Spatial datasets). ; ; On termination of the Contract, WDM can also make the data available via their SFTP site for a period of three months following termination.
• End-of-contract process: As explained above, the client will have access to download their own data free of charge. If WDM are extracting the data then only time will be charged at the hourly rates quoted in the G-Cloud12 Rate Card pricing document - This will vary depending on the extent of the system and can be agreed in advance of the Contract starting.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The back-office systems are on-line Web Browser based and so mobile devices can be used where Internet is available. Tablet modes are available for some tools where appropriate. The system is designed to generally be tablet friendly - e.g. using menus rather small icons etc.; ; Mobile Working tools are designed specifically for mobile devices and can work on-line and off-line
• Service interface: Yes
• Description of service interface: The service is accessed via a Web Browser url which opens a Management Console called "AppCentre" from which all Web Browser based application url's are launched (dependent on user security).
• Accessibility standards: None or don’t know
• Description of accessibility: We have worked with central government clients to ensure that software, where appropriate, particularly public facing apps, complied with their standards based on WCAG2.1A. In addition, the wide use of bootstrapping in developments ensures standardisation of tools for accessibility. Text is widely used in addition to graphics.
• Accessibility testing: Development in conjunction with central government clients to ensure assistive technology is appropriate for purpose.
• API: Yes
• What users can and can't do using the API: Some parts of the service currently have an API but this is primarily relating to interfacing with external systems at present (e.g. FixMySteet, CMS interfacing etc.). API development is part of the WDM RoadMap and that project is well underway. Developments include creating defects & enquiries, asset viewing/editing, mapping links all with full audit trail. The intention would be for the whole service to be API based by 2022.
• API documentation: No
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: The service is highly configurable without requiring software development e.g. work flow, logic rules, screen layouts, grids, asset attributes/lookups, published map layers,; ; In general, customisation would be a client Admins role. Training can be provided. In practice, most clients use WDM Support to help with customisation. The time may be chargeable if a significant amount of work for the supplier at the rates supplied in the G-Cloud12 Rate Card Pricing document.

Scaling

• Independence of resources: The cloud hosting service is scaled for more than the number of users specified and assuming they are all working concurrently. Sufficient redundancy is scaled as part of that initial system scaling. ; ; The hosted system is continually monitored to ensure that capacity and speed remains fit for purpose and extra resources can be assigned as appropriate.

Analytics

• Service usage metrics: Yes
• Metrics types: Scheduled reporting can deliver metrics to reporting dashboard.; Charting application can provide real time user metrics.
• Reporting types:
  • Real-time dashboards
  • Regular reports

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with another standard
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: A number of tools are provided for export. All formatted reports are accessed on-line and are downloaded via the browser. Auto-emailing is supported for scheduled reports.; ; Web Query Builder tools allow any dataset to be queried/filtered and downloaded in a number of formats (CSV, Excel, various spatial formats if appropriate etc). The queries can also be saved and scheduled to export to an Open Data Repository or Sharepoint. These can be made available via URL for access via external Analytical Tools. Configurable XML import/export software is available as part of the service. Time may be charged to support this aspect.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • Excel
  • Shape File (if Spatial data)
  • MapInfo format (if spatial data)
  • KML (if spatial data)
  • Word (formatted reports)
  • PDF (formatted reports)
  • CSV
• Data import formats: Other
• Other data import formats:
  • XML (using XML Importer) - configurable to suit data type
  • HMDIF for UKPMS datasets
  • MifMid for spatial data sets where appropriate
  • Document system to store main office formats

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: We currently achieve the following Service Levels and these are measured and reviewed as part of our ISO 27001 ISMS: Access and availability of the systems at least 98% per year. We actually achieve at least 99.9% to date (equates to 8.76 hours downtime per year). Access to Customer support 08:00 to 18:00, Monday to Friday 5 days a week, not including Bank Holidays at least 98% at all times. Any failures to meet these SLA's will be escalated to the Management Team and appropriate action taken to resolve in discussion with the client.
• Approach to resilience: The primary cloud hosting environment is Amazon(UK) cloud services and resilience is well documented. Further details can be provided on request. Some existing clients are hosted via WDM's own data centre which may be continued where existing clients use G-cloud to continue their system supply.This WDM hosted system is operated across two redundant sites in Bristol. Each site has dedicated ISP circuits and all critical components are mirrored between the sites. Disaster recovery procedures are all tested annually for both options. Further details can be provided upon request.
• Outage reporting: The hosted system provides an authenticated monitoring dashboard indicating service health. Email alerts can also be configured to alert for specific predefined conditions.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: The hosted system implements ISO 27001 controls and is certified by BSI. The hosted system is a discrete and separate system from the WDM corporate system. Administration of the hosted system is segregated from corporate accounts allowing for task specific authorisation and monitoring to be implemented. Logs are collected and protected within an intrusion detection system, providing monitoring and alerting for system changes and resource usage.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI
• ISO/IEC 27001 accreditation date: Initial accreditation 05/07/2017 (re-accreditation 05/07/2020 to 04/07/2023)
• What the ISO/IEC 27001 doesn’t cover: Certification does NOT cover ICT equipment, hardware and software on the premises of the ICT System User. Nor does it cover ICT infrastructure such as internet or network connectivity or the third party suppliers of the ICT System User and its agents. Scope is limited to; The Information Security Management System in relation to the provision of Software as a Service and Ancillary Hosted Services. This is in accordance with the Statement of Applicability version 19.00 (June 2020). View only access to the SOA is available upon request.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Other security certifications: Yes
• Any other security certifications: Cyber Essentials

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: The management system supports how the company will achieve its business objectives and the requirements of management standards that the company adopts for business in the UK and overseas.; ; These include: ISO 9001 for quality; ISO 14001 for environment; ISO27001 for information security; and BS OHSAS 18001 for occupational health and safety and Cyber Essentials.; ; The managing director requires that the company follows management systems to ensure products and services meet customer determined requirements and satisfy regulatory bodies. The programme is directed from the top of the company, and all directors, sector heads, managers, supervisors and employees must make a full contribution to the implementation, development and maintenance of management systems.; ; The management system manual provides a framework for the establishment of leadership,responsibility, competence and the management of documented information.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: The hosted system is managed using WDM's ISO9001 and 27001 certified CRUMPET management system. All change management is booked, scheduled, and authorised via this system.; ; All WDM software updates are deployed using WDM's Hosting Hub platform to ensure an immutable installation process to guard against unintentional security properties being changed. ; ; Hosting hub and Crumpet are integrated systems which provide full visibility of the change management process. Changes can be tracked and reviewed back to customer requirements and authorisations.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Software patching for security fixes are on an automated schedule which are deployed through the change management process. (Release candidate followed by A/B group releases). ; ; WDM Operate an application security assurance programme and regularly scan and test the infrastructure for vulnerabilities. Vulnerabilities are risk assessed and prioritised for remediation. Remediation can be immediate, Overnight, or next available maintenance window dependent on the risk assessment.; ; We subscribe to vendor alerts and are members of the NCSC Information Sharing partnership.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: The web applications are protected by a Web application firewall which scans the requests for malicious activity, blocking and alerting upon suspicious requests. ; ; WDM Operate an intrusion detection suite which receives heterogeneous logs from across the infrastructure and provides insights, reporting and alerting to inform the security status of the system. ; ; WDM Participate in the NSCS CiSP information sharing partnership and receive alerts and indicators of compromises which are loaded into the intrusion detection system.
• Incident management type: Supplier-defined controls
• Incident management approach: WDM, as part of the ISO 27001 certified ISMS, operate a security Incident and Investigation Process. This can be made available upon separate request to your account manager.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Pricing

• Price: £200 to £400 a user a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF