Nautoguide Ltd

Customer Engagement, Consultation and Feedback Service

A map based cloud service for delivering consultation, engagement, feedback or crowd-sourcing of data for internal and external collaboration. The service is data-driven designed to provide accessible, heavily customisable polls, questionnaires and surveys - as either a 'white label' (branded) third-party hosted or embedded resource.


  • Map based consultation engine designed for public engagement
  • Integrated with social networks and other electronic delivery channels
  • Responsive design supports wide range of devices
  • Sophisticated reporting engine for location and demographic analysis of results
  • Moderation and auto-filtering of public content
  • Access to Ordnance Survey detailed base mapping and data
  • Simple design tools for creation of consultations or engagements
  • Integrated polls and questionnaires
  • Crowdsourcing of data from public
  • Easily re-branded 'white label' interface and system communications


  • Lower cost of consultation through electronic delivery
  • Reach new communities via social network integration
  • Deeper engagement public can interact with map and each other
  • Deeper understanding of respondents via geodemographic analysis
  • Works seamlessly with existing sites and processes
  • Responsive design supports wide range of devices
  • Crowdsourcing engine delivers new data and insights from public
  • Reduced cost of data entry from consultation response
  • Utilises Ordnance Survey mapping for detailed views of locality
  • Highly customisable to task in hand


£0.01 to £0.75 per unit per year

Service documents

G-Cloud 9


Nautoguide Ltd

Dave Barter


Service scope

Service scope
Software add-on or extension No
Cloud deployment model Public cloud
Service constraints No
System requirements Requires PSMA or end user license for Ordnance Survey Mastermap

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Within 1 hour Monday - Friday

Within 24 hours at weekends for severity 2- 4 issues. Within 2 hours at weekends for severity 1 issues.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels Our support is focused upon business hours and based up the classification of each incident on a scale of 1 - 4. We respond as follows:-

1 - all users unable to access - within 30 minutes
2 - elements of service affected - within 2 hours
3 - service usable but issues in certain areas - same business day
4 - improvements identified - within 48 hours

All support is included in our pricing and we only charge extra for enhanced service levels out of hours.

We appoint a technical account manager for each customer, identified by name and available directly via phone or email.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started We provide a half-day session of onsite training in the user of the service. This is backed up with a user manual and a series of video tutorials offering guidance in all aspects of the system
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction Data can be extracted in a variety of formats depending upon requirements. We support CSV, XLS,JSON and GeoJSON formats but can also export into XML , ESRI shapefile, GML or KML on request.
End-of-contract process At contract end we export all required data from the system and hand over to the customer via a mutually agreed secure transfer mechanism. The site is then archived and removed from public view. If required all data is deleted securely but we are also able to hold the site in archive mode for a period of 6 months at no charge were there an anticipation that the service may be brought into operation in the future.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 9
  • Internet Explorer 10+
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service We limit certain editing functions for map based geometries which would not work well on small screen devices.
Accessibility standards None or don’t know
Description of accessibility The service is designed and developed to meet WCAG 2.0 AA. However, it is important to note that a primary feature of the interactive mapping is user contribution. In instances where (other) users have placed information on the map and whilst all content is accessible via traditional 'search/list' style navigation, location context of suggestions/information may depend on the the user's awareness of map positioning in terms of both reading and making contributions (WCAG 2.0 1.3.2 / EN 301 549 9.2.7)
Accessibility testing We test all of our cloud services in the WEBBIE ( browser for the blind and visually impaired.
What users can and can't do using the API Every single service action is available via a REST API. This includes configuring, managing, reporting, moderation and data export. There are no limitations to the use of API for service setup or changes.
API documentation Yes
API documentation formats Other
API sandbox or test environment Yes
Customisation available Yes
Description of customisation The published site can be rebranded to reflect your corporate look and feel. This is currently actioned by our administrators to ensure consistency in site wide CSS. Custom reports can be added to the system on request.


Independence of resources Our service utilises Docker and On-Demand AWS instances to auto scale as traffic levels increase. Service connections are monitored in real time and Docker application instances created or destroyed to satisfy demand. Tiers of application separation allow us to segment customers into their own containers and prevent one user's peak traffic affecting another's.


Service usage metrics Yes
Metrics types We capture every single interaction with the service including public and private users and these are reported via a series of real-time dashboards. Custom reports can be created on request and in addition we have integrated Google Analytics and can expose this to a separate account for site interaction analysis.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Staff screening not performed
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations No
Datacentre security standards Managed by a third party
Penetration testing frequency At least once a year
Penetration testing approach In-house
Protecting data at rest Physical access control, complying with SSAE-16 / ISAE 3402
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Via an administrative backend web interface and a download screen that exports data in CSV format.

Alternatively data can be retrieved via a REST API in Geojson format.
Data export formats
  • CSV
  • Other
Other data export formats
  • Geojson
  • XLS
Data import formats
  • CSV
  • Other
Other data import formats XLS

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Availability and resilience
Guaranteed availability 99.9% uptime guarantee 24x7 for this service

The level of refund will be calculated depending upon the number of hours for which service was unavailable at a pro-rata rate of 5% monthly charges. Refunds will only become due for customers who have directly reported downtime to the client. Refunds will be never exceed 50% of monthly fee for any given month.
Approach to resilience Our platform is hosted within the AWS cloud which offers us a 99.95% uptime on all our virtual machines. We have engineered our system from the ground up to be resilient from single machine failure to full data centre fail over.

This is achieved through the use of docker container services that are able to spin up in under 20 seconds to take over from failed instances automatically and forms the basis of our load balancing that is able to cope with usage spikes. In this way redundant capacity is able to deal with hardware failure with zero down time.

We maintain a dual data centre presence in a different AWS region that functions in sleep mode. The secondary data centre is kept up to date with live and in the event of a total data centre fail it will spin up and accept the failover at which point it becomes the primary data centre.

We maintain long term storage backups that allow full disaster recovery. Unlike normal emergency recovery methods that are normally untested we actually use this recovery as part of our primary build process for environments and to increase our database capacity.
Outage reporting Our service is monitored via API. A single and simple REST call is used to check availability.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels All of our service and infrastructure access requires two factor authentication throughout. Access to AWS services requires a Multi-Factor-Authentication token in addition to a username and password. Access to database or application services can only be achieved via our VPN, a set of username/password credentials and a digital certificate.

Management and support channels require username/password and an organisation identifier and can be locked to IP address or range if available.
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security accreditations No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance accreditation No
Security governance approach We conform to the PCI DSS and ISO 27001 standards but do not have formal certification
Information security policies and processes Our IS policy is owned and managed directly by our CTO. All operational and development staff with access to information report directly to the CTO and must obtain audited sign off for any access to information governed by our security process.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach We operate an automated change control and authorisation process whereby all system change is tracked and approved through version control by our CTO. This includes a security assessment for each change and audited acceptance/rejection of changes within our source and system configuration management framework
Vulnerability management type Supplier-defined controls
Vulnerability management approach Our system administrators assess each threat against the DREAD threat model. Any score greater than 5 warrants an immediate response.

Critical patches are applied instantly and we take services offline until any vulnerabilities identified are tested and approved as removed.

We subscribe to the US-CERT alerts service and assess potential threats in real time.
Protective monitoring type Supplier-defined controls
Protective monitoring approach We monitor all of our systems using an external third party service for availability and an internal network of Sensu monitoring components.

Additionally all system errors are reported to admins in real time 24x7 and these are used to identify attacks and compromises.

We assess the issue instantly and monitor the issue further using real time views of system logs. If the system is compromised we take it offline immediately
Incident management type Supplier-defined controls
Incident management approach We manage all incidents through a single support portal where the incident is immediately categorised and assigned to an internal manager.

Incidents are reported via phone, web, email and real time messaging (Slack)

Incident reports are curated and delivered via our support portal

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks No


Price £0.01 to £0.75 per unit per year
Discount for educational organisations No
Free trial available Yes
Description of free trial Freely available public service for use of members of public or consultations by non-profit/neighbourhood organisations.

Access to generic trial service provided on request for evaluation purposes
Link to free trial


Pricing document View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑