IBI Group UK Ltd

ASSIST (ASSet Information SysTem) with Open API

ASSIST is a secure, customisable platform for viewing and querying highways asset data that has evolved from our RouteMapper service. It allows users to seamlessly move from one asset view to another across imagery, mapping and LiDAR point clouds, and perform complex queries on asset data via a simple interface.

Features

  • Remote, browser-based access
  • Road imagery viewer
  • LiDAR data viewer
  • Inventory map viewer
  • Scalable multi user access via single sign-on
  • Multiple, interchangeable, views on the same asset
  • Individual user views saved on exit
  • On road measurement, can measure any object in LiDAR
  • Query results export
  • Reporting module

Benefits

  • Secure, role based access to data
  • User management system provided as standard
  • Very simple interface for asset queries
  • Time-stamped imagery, no ambiguity on the date collected
  • Highly accurate measurement of assets from the office
  • Compare asset details via images, LiDAR and maps
  • Drill down into the details of each asset
  • Compare multiple assets across different views
  • Generate reports and export data
  • Check condition of assets and validate highway works undertaken

Pricing

£16000 per licence per year

Service documents

G-Cloud 9

410086120981469

IBI Group UK Ltd

Colin Wilson

0141 331 4500

uk_intelbd@ibigroup.com

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Hybrid cloud
Service constraints Production Users will be informed of any downtime / maintenance in advance, and all maintenance activities that could result in service degradation or unavailability will attempted to be undertaken outside of the normal working day (8:30am to 5:30pm). The service will be operable outside of these hours, when maintenance is not taking place.
Users will be informed in advance of planned maintenance and downtime to any of the environments to which they have access via email. Where possible, at least one week’s advance notice will be given.
System requirements Client browser must be JavaScript-enabled

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Critical fault; within 1hr. Non critical fault, no workaround; 8hrs. With workaround; 24hrs. Minor defect; 48hrs.

Response times do not include weekend support.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support No
Support levels Email and telephone support is provided during office hours. Issues are generally triaged by a maintenance manager who will ensure that they are reported to the correct team for resolution. A technical account manager oversees customer support as standard.
Support available to third parties No

Onboarding and offboarding

Onboarding and offboarding
Getting started The on-boarding process should be completed within a maximum of six weeks of the order being confirmed, dependent on the volume of data and account configuration that is required. The process will begin with a service initiation meeting with the customer to confirm the various elements of configuration that will be required and to review the customer's data and available interfaces. A training webinar will be made available as part of the onboarding process.
Service documentation Yes
Documentation formats HTML
End-of-contract data extraction If storage of customer data sets in the cloud has been requested these data sets will be made available to the customer within one month of the notification that the subscription will not be renewed and up to three months following the end of the subscription period.
Data will be provided on hard drive(s) back to the customer after which IBI Group will purge and destroy all customer data from its systems including any logs and archives that have built up with use.
End-of-contract process Customer access to ASSIST will be rescinded at the end of the contract,

If storage of customer data sets in the cloud has been requested these data sets will be made available to the customer within one month of the notification that the subscription will not be renewed and up to three months following the end of the subscription period as previously indicated. There will be no additional costs to the customer for data cleansing.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 10+
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service ASSIST has been designed using responsive design techniques and will scale accordingly over the various devices.
Accessibility standards WCAG 2.0 AA or EN 301 549
Accessibility testing Interface testing has been undertaken in-house.
API Yes
What users can and can't do using the API The introduction of an open API into ASSIST gives the Client the ability to choose from a pool of different developers to create additional modules as required. Once licensing has taken effect the Client can instruct third party developers to build additional functionality into the core API (the Client must retain possession of the License however, as resale is not permitted under GCloud 9).
API documentation Yes
API documentation formats HTML
API sandbox or test environment Yes
Customisation available Yes
Description of customisation Asset data, images and LiDAR are all customised to the client's requirements within ASSIST. In addition ASSIST API provides a framework that allows developers to create packages within the Dashboard environment on which ASSIST is based.

Scaling

Scaling
Independence of resources ASSIST is a single-tenant application in that everything happens in the browser and there are no shared resources.
The API spins up a new instance per request and each instance runs in its own application pool.
IIS handles the application pool management using available resources on the server. The server can be clustered so that it scales.

Analytics

Analytics
Service usage metrics Yes
Metrics types IBI Group can provide reporting on system usage, on a weekly or monthly basis, including data downloads, individual usage and other targeted reporting. This feature can be included automatically for a fee, or on an ad hoc basis.
Reporting types Reports on request

Resellers

Resellers
Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
User control over data storage and processing locations Yes
Datacentre security standards Managed by a third party
Penetration testing frequency At least every 6 months
Penetration testing approach In-house
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach Modules within ASSIST provide data export facilities
Data export formats
  • CSV
  • Other
Other data export formats Exporter module is extensible-can be configured for other formats
Data import formats
  • CSV
  • Other
Other data import formats
  • Shapefiles
  • JPEG
  • XLS
  • LAS

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network IPsec or TLS VPN gateway

Availability and resilience

Availability and resilience
Guaranteed availability 99.9% up time is guaranteed during office hours. There is no standard SLA for the ASSIST service, but one can be agreed with the customer if required.
Approach to resilience The ASSIST API and database can both be clustered which makes the system resilient. ASSIST services run in the cloud on virtual servers.
Outage reporting All of the ASSIST services are monitored by Internet Vista. Outages are reported via email and SMS.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels To handle different levels of access rights, roles can be defined within the system and users added to these groupings. This allows access rights and permissions to be set up in bulk rather than having to configure for each individual user.
Management of local user accounts can be undertaken using ASSIST's account administration section, which is only available to those users assigned the Administrator Role.
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information No audit information available
Access to supplier activity audit information No audit information available
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security accreditations No

Security governance

Security governance
Named board-level person responsible for service security No
Security governance accreditation No
Security governance approach A security procedural hierarchy is place from the on call engineer up to the security specialist. Various systems, including firewalls, produce real time alerts which are emailed to the on-call engineer or directly to security personnel.
Information security policies and processes Data protection processes are always followed. Personal information is encrypted. A two-stage authorisation process, via an identity server, is required for access to the system. Users are restricted to specific data sets by means of role-based access.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Changes to components are tracked via a ticketing system. Only product owners can create the tickets and assign them to the development teams. Tickets can only be closed off after changes have undergone rigorous quality management checks in a dedicated test environment and have passed a series of functional and security checks within the staging environment.
Vulnerability management type Supplier-defined controls
Vulnerability management approach On a monthly basis a large cross section of device and daemon logs are processed in depth using both automated tools and extensive direct human analysis. Each of the major systems are tracked for upstream security notices using normal mechanisms.

On top of this key staff monitor the general CVE security feeds for points of interest along with summaries from other contacts (e.g. Qualsys security roundup).

Non-aggressive high level pen testing is performed twice annually and proactive security testing of new assets is a key stage of any deployment.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Daily analysis of server (System, security etc.) and firewall logs is performed. Dedicated support personnel are trained to identify potential compromises and when these are identified they are thoroughly investigated. As a general principal a security in-depth policy is adopted where the seriousness of the security incidents is treated as critical until such time as it is proven otherwise.
Incident management type Supplier-defined controls
Incident management approach Daily system maintenance checks are carried out. Service availability monitored by a third party service and email and text alerts sent out when services are unresponsive. Incidents are reported by email or phone and recorded in our ticketing system. If requested monthly performance reports can be provided.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks No

Pricing

Pricing
Price £16000 per licence per year
Discount for educational organisations No
Free trial available No

Documents

Documents
Pricing document View uploaded document
Skills Framework for the Information Age rate card View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑