A map based cloud service for delivering consultation, engagement, feedback or crowd-sourcing of data for internal and external collaboration. The service is data-driven designed to provide accessible, heavily customisable polls, questionnaires and surveys - as either a 'white label' (branded) third-party hosted or embedded resource.
- Map based consultation engine designed for public engagement
- Integrated with social networks and other electronic delivery channels
- Responsive design supports wide range of devices
- Sophisticated reporting engine for location and demographic analysis of results
- Moderation and auto-filtering of public content
- Access to Ordnance Survey detailed base mapping and data
- Simple design tools for creation of consultations or engagements
- Integrated polls and questionnaires
- Crowdsourcing of data from public
- Easily re-branded 'white label' interface and system communications
- Lower cost of consultation through electronic delivery
- Reach new communities via social network integration
- Deeper engagement public can interact with map and each other
- Deeper understanding of respondents via geodemographic analysis
- Works seamlessly with existing sites and processes
- Responsive design supports wide range of devices
- Crowdsourcing engine delivers new data and insights from public
- Reduced cost of data entry from consultation response
- Utilises Ordnance Survey mapping for detailed views of locality
- Highly customisable to task in hand
£0.01 to £0.75 per unit per year
|Software add-on or extension||No|
|Cloud deployment model||Public cloud|
|System requirements||Requires PSMA or end user license for Ordnance Survey Mastermap|
|Email or online ticketing support||Email or online ticketing|
|Support response times||
Within 1 hour Monday - Friday
Within 24 hours at weekends for severity 2- 4 issues. Within 2 hours at weekends for severity 1 issues.
|User can manage status and priority of support tickets||Yes|
|Online ticketing support accessibility||None or don’t know|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||No|
|Onsite support||Yes, at extra cost|
Our support is focused upon business hours and based up the classification of each incident on a scale of 1 - 4. We respond as follows:-
1 - all users unable to access - within 30 minutes
2 - elements of service affected - within 2 hours
3 - service usable but issues in certain areas - same business day
4 - improvements identified - within 48 hours
All support is included in our pricing and we only charge extra for enhanced service levels out of hours.
We appoint a technical account manager for each customer, identified by name and available directly via phone or email.
|Support available to third parties||Yes|
Onboarding and offboarding
|Getting started||We provide a half-day session of onsite training in the user of the service. This is backed up with a user manual and a series of video tutorials offering guidance in all aspects of the system|
|End-of-contract data extraction||Data can be extracted in a variety of formats depending upon requirements. We support CSV, XLS,JSON and GeoJSON formats but can also export into XML , ESRI shapefile, GML or KML on request.|
|End-of-contract process||At contract end we export all required data from the system and hand over to the customer via a mutually agreed secure transfer mechanism. The site is then archived and removed from public view. If required all data is deleted securely but we are also able to hold the site in archive mode for a period of 6 months at no charge were there an anticipation that the service may be brought into operation in the future.|
Using the service
|Web browser interface||Yes|
|Application to install||No|
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||We limit certain editing functions for map based geometries which would not work well on small screen devices.|
|Accessibility standards||None or don’t know|
|Description of accessibility||The service is designed and developed to meet WCAG 2.0 AA. However, it is important to note that a primary feature of the interactive mapping is user contribution. In instances where (other) users have placed information on the map and whilst all content is accessible via traditional 'search/list' style navigation, location context of suggestions/information may depend on the the user's awareness of map positioning in terms of both reading and making contributions (WCAG 2.0 1.3.2 / EN 301 549 9.2.7)|
|Accessibility testing||We test all of our cloud services in the WEBBIE (http://www.webbie.org.uk/) browser for the blind and visually impaired.|
|What users can and can't do using the API||Every single service action is available via a REST API. This includes configuring, managing, reporting, moderation and data export. There are no limitations to the use of API for service setup or changes.|
|API documentation formats||Other|
|API sandbox or test environment||Yes|
|Description of customisation||The published site can be rebranded to reflect your corporate look and feel. This is currently actioned by our administrators to ensure consistency in site wide CSS. Custom reports can be added to the system on request.|
|Independence of resources||Our service utilises Docker and On-Demand AWS instances to auto scale as traffic levels increase. Service connections are monitored in real time and Docker application instances created or destroyed to satisfy demand. Tiers of application separation allow us to segment customers into their own containers and prevent one user's peak traffic affecting another's.|
|Service usage metrics||Yes|
|Metrics types||We capture every single interaction with the service including public and private users and these are reported via a series of real-time dashboards. Custom reports can be created on request and in addition we have integrated Google Analytics and can expose this to a separate account for site interaction analysis.|
|Supplier type||Not a reseller|
|Staff security clearance||Staff screening not performed|
|Government security clearance||Up to Security Clearance (SC)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||
|User control over data storage and processing locations||No|
|Datacentre security standards||Managed by a third party|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||In-house|
|Protecting data at rest||Physical access control, complying with SSAE-16 / ISAE 3402|
|Data sanitisation process||Yes|
|Data sanitisation type||Explicit overwriting of storage before reallocation|
|Equipment disposal approach||Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001|
Data importing and exporting
|Data export approach||
Via an administrative backend web interface and a download screen that exports data in CSV format.
Alternatively data can be retrieved via a REST API in Geojson format.
|Data export formats||
|Other data export formats||
|Data import formats||
|Other data import formats||XLS|
|Data protection between buyer and supplier networks||
|Data protection within supplier network||
Availability and resilience
99.9% uptime guarantee 24x7 for this service
The level of refund will be calculated depending upon the number of hours for which service was unavailable at a pro-rata rate of 5% monthly charges. Refunds will only become due for customers who have directly reported downtime to the client. Refunds will be never exceed 50% of monthly fee for any given month.
|Approach to resilience||
Our platform is hosted within the AWS cloud which offers us a 99.95% uptime on all our virtual machines. We have engineered our system from the ground up to be resilient from single machine failure to full data centre fail over.
This is achieved through the use of docker container services that are able to spin up in under 20 seconds to take over from failed instances automatically and forms the basis of our load balancing that is able to cope with usage spikes. In this way redundant capacity is able to deal with hardware failure with zero down time.
We maintain a dual data centre presence in a different AWS region that functions in sleep mode. The secondary data centre is kept up to date with live and in the event of a total data centre fail it will spin up and accept the failover at which point it becomes the primary data centre.
We maintain long term storage backups that allow full disaster recovery. Unlike normal emergency recovery methods that are normally untested we actually use this recovery as part of our primary build process for environments and to increase our database capacity.
|Outage reporting||Our service is monitored via API. A single and simple REST call is used to check availability.|
Identity and authentication
|User authentication needed||Yes|
|Access restrictions in management interfaces and support channels||
All of our service and infrastructure access requires two factor authentication throughout. Access to AWS services requires a Multi-Factor-Authentication token in addition to a username and password. Access to database or application services can only be achieved via our VPN, a set of username/password credentials and a digital certificate.
Management and support channels require username/password and an organisation identifier and can be locked to IP address or range if available.
|Access restriction testing frequency||At least every 6 months|
|Management access authentication||
Audit information for users
|Access to user activity audit information||Users contact the support team to get audit information|
|How long user audit data is stored for||At least 12 months|
|Access to supplier activity audit information||Users contact the support team to get audit information|
|How long supplier audit data is stored for||At least 12 months|
|How long system logs are stored for||At least 12 months|
Standards and certifications
|ISO/IEC 27001 certification||No|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security accreditations||No|
|Named board-level person responsible for service security||Yes|
|Security governance accreditation||No|
|Security governance approach||We conform to the PCI DSS and ISO 27001 standards but do not have formal certification|
|Information security policies and processes||Our IS policy is owned and managed directly by our CTO. All operational and development staff with access to information report directly to the CTO and must obtain audited sign off for any access to information governed by our security process.|
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||We operate an automated change control and authorisation process whereby all system change is tracked and approved through version control by our CTO. This includes a security assessment for each change and audited acceptance/rejection of changes within our source and system configuration management framework|
|Vulnerability management type||Supplier-defined controls|
|Vulnerability management approach||
Our system administrators assess each threat against the DREAD threat model. Any score greater than 5 warrants an immediate response.
Critical patches are applied instantly and we take services offline until any vulnerabilities identified are tested and approved as removed.
We subscribe to the US-CERT alerts service and assess potential threats in real time.
|Protective monitoring type||Supplier-defined controls|
|Protective monitoring approach||
We monitor all of our systems using an external third party service for availability and an internal network of Sensu monitoring components.
Additionally all system errors are reported to admins in real time 24x7 and these are used to identify attacks and compromises.
We assess the issue instantly and monitor the issue further using real time views of system logs. If the system is compromised we take it offline immediately
|Incident management type||Supplier-defined controls|
|Incident management approach||
We manage all incidents through a single support portal where the incident is immediately categorised and assigned to an internal manager.
Incidents are reported via phone, web, email and real time messaging (Slack)
Incident reports are curated and delivered via our support portal
|Approach to secure software development best practice||Supplier-defined process|
Public sector networks
|Connection to public sector networks||No|
|Price||£0.01 to £0.75 per unit per year|
|Discount for educational organisations||No|
|Free trial available||Yes|
|Description of free trial||
Freely available public service for use of members of public or consultations by non-profit/neighbourhood organisations.
Access to generic trial service provided on request for evaluation purposes
|Link to free trial||https://geovey.org|
|Pricing document||View uploaded document|
|Service definition document||View uploaded document|
|Terms and conditions document||View uploaded document|