Deloitte offers a cloud-based Location and Geospatial Advisory Platform, allowing users to combine your own data with inbuilt granular geo-coded UK-wide data on businesses, services, demographics, amenities and transport, to provide insight into your location based decision making, supported by integrated market-leading analytics and visualisation.
- Expert supplementary location advisory available to help users apply service
- Advanced predictive analytics engine with machine learning and artificial intelligence
- Intuitive cloud-based user-interface and interactive visualization dashboards
- Can be integrated with most APIs and data sources
- Supports scenario modelling investigating impacts of estate changes
- Supports optimisation of public estate – open, close, modify services
- Pre-configured integration with data from CACI Acorn, Experian Mosaic, Census
- Pre-configured integration with standard geo-data types (.shp, long/lat, Eastings/Northings)
- Supports location based business case development and analysis
- Deployable across secure cloud environments (AWS, Azure) and onpremis
- Data driven insight to support strategic location decision making
- Easy, rapid setup, scalable infrastructure, supports large cloud data volumes
- Enterprise solution providing single-source-of-truth for location decision-making
- Actionable insights to drive improved estate performance and cost savings
- Supports digital analysis of structures using LIDAR data
- Enable integration between datasets in disparate source systems
- Support consistent Management Information (MI) and Business Intelligence (BI) reporting
- Maximise return on public sector investment through accurate demand profiling
- Determine accurate local funding based on true local authority need
- Analyse future citizen infrastructure requirements from spatial market trends
£50000 to £200000 per instance per year
- Education pricing available
- Free trial available
0207 303 0913
|Software add-on or extension||No|
|Cloud deployment model||Private cloud|
|Service constraints||Where service constraints exist of a general nature, these and any other constraints would need to be discussed with the client, based on their circumstances. This includes constraints that are specific to the client or the client’s situation, or that need to be addressed before delivery of the service. We will rely on the client to bring to our attention before any specific constraints that need to be addressed, including those that could impact on quality, service levels, costs or duration of the engagement.|
|Email or online ticketing support||Email or online ticketing|
|Support response times||Business hours coverage for support is 0830 – 1730 UK, Monday to Friday. Emergency callout available at all other times. Example standard response times are P1 resolution target within 60 mins P2 resolution target within 2 hrs P3 resolution target within 1 business day P4 resolution target within 5 business days. Actual response times are subject to agreement in final order.|
|User can manage status and priority of support tickets||No|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||No|
|Onsite support||Yes, at extra cost|
Onsite support can be provided during the implementation of the service as part of the onboarding process. After the initial phase, onsite support will need to be agreed in advance.
Onsite support can take many forms (e.g. training or customisation), therefore we would only be able to provide further information on this once we have discussed requirements.
For onsite support we will provide the resources with the required skills (technical or otherwise) to ensure the process is run efficiently and effectively.
|Support available to third parties||No|
Onboarding and offboarding
During the setup of the service Deloitte will engage with identified key members of the client team who will be trained as super users. This will be carried out through on-site training including providing hands on experience, lessons learned sessions and the provision of documentation. Documentation will be provided at the necessary level, i.e. technical and user.
All users of the system will be provided with training sessions through the use of on-site Deloitte resources. These sessions will provide the knowledge required to begin using the service. The super-users will continue this training once the service has been provided. User documentation will be accessible via the service to ensure answers to common questions are readily available.
Negotiations for further training requirements or specific needs can be carried out when agreeing the project contract.
|End-of-contract data extraction||If there are specific requirements for data extracts these can be discussed at the beginning of the contract to ensure data security and robustness are integral to this extract process.|
|End-of-contract process||During and at the end of the contract Deloitte will engage with you to best match the specific requirements that arise. Our approach will be to ensure minimal disruption to a continued service.|
Using the service
|Web browser interface||Yes|
|Application to install||No|
|Designed for use on mobile devices||No|
|Accessibility standards||WCAG 2.0 A|
|What users can and can't do using the API||The software used to build this service has the native ability to use APIs. Requirements typically depend on client's needs and specific use cases. We are happy to further discuss your requirements for using APIs with the service and will aim to meet all required functionality.|
|API documentation formats||Other|
|API sandbox or test environment||No|
|Description of customisation||
Deloitte aims to ensure the service matches your requirements and, as such, is willing to customise the service to allow compatibility. Aspects of the service that can be customised include:
• KPIs: The KPIs currently provided with the service can be updated to ensure the specific requirements of the client can be met
• Dashboards: Dashboards can be configured so that they reflect the requirements of the client
These items can be customised by the client initially during the requirements phase as well as at certain times in the project lifecycle e.g. after UAT.
Deloitte will initially complete all customisation, with an agreed approach for the duration of the contract on who carries out further work.
|Independence of resources||Through our experience of delivering solutions we recognise that periods of high traffic are common occurrences. The architecture and infrastructure of the service have been designed, built and robustly tested to ensure high concurrency rates do not impact the performance or experience of other users.|
|Service usage metrics||Yes|
Service metrics can be provided upon agreement of several factors including:
-Support requests and responses
|Supplier type||Not a reseller|
|Staff security clearance||Conforms to BS7858:2012|
|Government security clearance||Up to Developed Vetting (DV)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||
|User control over data storage and processing locations||No|
|Datacentre security standards||Complies with a recognised standard (for example CSA CCM version 3.0)|
|Penetration testing frequency||At least every 6 months|
|Penetration testing approach||‘IT Health Check’ performed by a CHECK service provider|
|Protecting data at rest||Physical access control, complying with CSA CCM v3.0|
|Data sanitisation process||Yes|
|Data sanitisation type||Explicit overwriting of storage before reallocation|
|Equipment disposal approach||Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001|
Data importing and exporting
|Data export approach||Users select inbuilt commands to export their data.|
|Data export formats||
|Data import formats||
|Data protection between buyer and supplier networks||
|Data protection within supplier network||IPsec or TLS VPN gateway|
Availability and resilience
99.9% availability (production environment) per month, excluding a period of planned maintenance.
99% availability (test and dev environments), excluding a period of planned maintenance.
|Approach to resilience||No single points of failure within the data centre (details available on request).|
|Outage reporting||Outages are extremely rare and are reported manually.|
Identity and authentication
|User authentication needed||Yes|
|Access restrictions in management interfaces and support channels||We restrict access in line with the requirements of handling personal data, agreed with the client's security and data protection officers. Details available on request|
|Access restriction testing frequency||At least once a year|
|Management access authentication||
Audit information for users
|Access to user activity audit information||Users contact the support team to get audit information|
|How long user audit data is stored for||User-defined|
|Access to supplier activity audit information||Users contact the support team to get audit information|
|How long supplier audit data is stored for||User-defined|
|How long system logs are stored for||User-defined|
Standards and certifications
|ISO/IEC 27001 certification||Yes|
|Who accredited the ISO/IEC 27001||BSI Assurance UK Limited|
|ISO/IEC 27001 accreditation date||01/04/2016|
|What the ISO/IEC 27001 doesn’t cover||
Deloitte’s accreditation is on our management of client data, in all its aspects, rather than being limited to one specific area of the firm.
This includes security policy, organisation if information security, asset management, human resources security, physical and environment security, communications and operations management, access control, IS systems acquisitions, development and maintenance, IS incident management and business continuity management.
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||No|
|Named board-level person responsible for service security||Yes|
|Security governance certified||Yes|
|Security governance standards||ISO/IEC 27001|
|Information security policies and processes||
Deloitte’s information security controls are a core element of our culture and we maintain and communicate this Information Security policy to ensure all our people have and maintain a clear understanding of what is expected of them.
Information security is delegated to the Deloitte Business Security team responsible for all IS initiatives. There is an internal dedicated Quality and Risk Management team which are the first point of contact for all advice and issues.
ISO 27001: 2005 (“Information security management systems - Requirements”) is the international standard for information security management.
All Staff and Partners have an individual responsibility to ensure their personal compliance with these policies and should seek guidance from Deloitte Business Security for further clarification if required.
There are currently 12 Policies that cover all requirements for ISO 27001: 2005 which are easily accessible and essential reading for all employees. These policies include:
1. Security Policy
2. Information Classification and Handling Policy
3. Logical Access Control Policy
4. Onboarding and Personnel Security Policy
5. Acceptable Use Policy
6. Physical Security Policy
7. System Management Policy
8. Security Incident Policy
9. Compliance and Auditing Policy
10. Business Continuity Management Policy
11. Third Party Policy
12. Confidentiality Policy
|Configuration and change management standard||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Configuration and change management approach||
To manage the change process and ensure risks are mitigated we ensure change controls are in place and follow the following protocol:
1. Change request
2. Change approval
3. Plan for change
4. Test changes
5. Deliver change
All changes both to the components which make up the service and changes to the service itself will undergo this process which aims to reduce any risk of change. The review of the change will include an assessment on security, performance and functionality.
|Vulnerability management type||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Vulnerability management approach||
Under ISO/IEC 27001:2013 and ISO:22301 Deloitte Business Continuity (BC) programme is designed on an “all hazards” approach.
Having good working relationships and professional partnerships with other technology companies, we are updated regularly regarding potential threats. These threats are assessed and our BC programme is updated based on this new information including priority and mitigation plan.
Any changes to software implemented e.g. patches, are not immediately applied as careful consideration and testing will be required to ensure there is no negative impact.
|Protective monitoring type||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Protective monitoring approach||Protective monitoring is carried out at multiple levels of the service. Potential compromises are identified by ongoing monitoring of systems by software providers, cloud providers and IT teams. Response is defined by a standard incident response including triage, classification, communication and remediation|
|Incident management type||Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402|
|Incident management approach||
The Incident Management process contains an Incident Response and Notification Process Flow whereby all incidents are raised through the support line once the incident event has occurred. Support line then:
1. Triage incident
2. Determine the path of escalation if one is required
3. Identify Incident Scenario
4. Notification and communications sent
5. Coordinate with the responding teams and monitor the incident
6. Escalate or return to triage dependent on response teams results
Incident reports are sent after each time an incident occurs.
|Approach to secure software development best practice||Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)|
Public sector networks
|Connection to public sector networks||No|
|Price||£50000 to £200000 per instance per year|
|Discount for educational organisations||Yes|
|Free trial available||Yes|
|Description of free trial||Limited trial can be provided, to be discussed individually depending on organisational needs|
|Pricing document||View uploaded document|
|Skills Framework for the Information Age rate card||View uploaded document|
|Terms and conditions document||View uploaded document|