Buchanan Computing

Buchanan Cloud Services Accident Analysis

An integrated cloud-based service providing a complete solution to analyse road traffic accidents. Specialist users load and validate data from multiple sources. Validated accidents can then be analysed spatially and based on STATS19 fields providing output in configurable reports and map outputs. Data export options meets DfT requirements.


  • Incorporates AccsMap, the UK’s leading accident analysis application
  • Designed for ease of use, with CRASH, NICHE load options
  • Optimized and comprehensive analytical toolsfor police and local government
  • Specialised training and enhanced support services
  • Fully managed, resilient, and secure ISO 27001 environment
  • Regular system, software, and hardware upgrades and replacements
  • Environment attuned providing optimum performance for AccsMap
  • Blend of open and proprietary technologies
  • Scalable - accommodates any increase in number of users
  • Fully supported environment – maintained and monitored by experienced technicians


  • Ability to provide, managed, audited, validated collision data
  • Analysis for use in justifying economic benefits of remediation works
  • Analyse full STATS19 data, alongside related data sets eg population
  • Comparative reporting, accessing collision data from other UK authorises
  • Transparency, information sharing with residents, councillors, police, fire services
  • Centralized service enabling better cross departmental working
  • Cost effective, built on blending open and proprietary technologies
  • Labour saving tools for fast production of maps and reports.
  • Business continuity assured with software upgrades and support
  • Support accommodates any statutory changes to STATS19 data structure.


£131.86 to £2294.53 per person per month

Service documents

G-Cloud 11


Buchanan Computing




Service scope

Service scope
Software add-on or extension No
Cloud deployment model Private cloud
Service constraints Although the service is built to work primarily in a Microsoft Window based environment, it can be accessed via other platforms, such as Android. However, there may be individual applications licencing restraints.
System requirements
  • Citrix Receiver - latest recommended version installed on user machines
  • Internet browers - standard internet browser, IE, Chrome, FireFox
  • Security certificate - DomainSSL SHA-256-G2

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Initial response is with an automatically-generated ticket number and requests are then prioritised and responded to in accordance with our SLA response times, which range from 30 minutes to 2 working days. Normally, response times are faster. Support desk core hours are 09:00 to 17:30 Monday to Friday (excluding bank holidays), during which time you can call the first line support team.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels All support queries are chanelled through the support team and are dealt with at the appropriate escalation levels starting with First Line Support -> Support Team Manager -> Product Managers -> Director Level staff.

Support related costs are included in the price regardless of which level the issues are being handled at.

Each client is assigned a technical project manager for the implementation stage, up until user acceptance testing is completed.

Thereafter, the project is assigned to the hosted services support and management team.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Training is provided to users at the commencement of the contract. Various training courses are delivered to users depending on level of user ranging from a entry level training course, advanced user course and administration level course.

Training can be delivered either a) at Buchanan Computing office in Hammersmith London, or b) onsite at client offices or c) remotely.

Hard copy training manuals and exercises are provided to delegates that attend a training course.

User guides / helps files are provided and are accessible by users through the file menu.
Service documentation Yes
Documentation formats
  • PDF
  • Other
Other documentation formats CHM
End-of-contract data extraction At the end of the contract and including at anytime during the contract, designated users are able to export data in standard formats such as MapInfo Tab, MapInfo Midmif, ESRI Shp files. These exports can be saved local networks or on specified FTP or SFTP sites. These exports can then be imported by other systems for use elsewhere.
End-of-contract process One month prior to the end of the contract, users will be notified that the contract will be coming to an end. Designated users will be advised to carry out an export and copy all data that has been generated during the contract to local networks or FTP/SFTP site. At the end of the contract date, all user logins will be deactivated.

Other associated such as base-mapping and address gazetteers will be provided back to the client in the standard/native format.

There are no additional costs for supplying the data to the client at the end of the contract into the above mentioned standard formats. Costs may apply if the client requires data to be provided in the other formats.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install Yes
Compatible operating systems Windows
Designed for use on mobile devices Yes
Differences between the mobile and desktop service Mobile service is for disseminating data, and as such is read-only, with very limited editing abilities.
Customisation available Yes
Description of customisation Designated users, such as a supervisor or system administrator are able to customise the core element of the solution relating to accident analysis and make adaptations to meet the requirement of the clients.
Areas that can be customised include, but are not limited to:
• Flexible reporting
• Export formats (eg exclusion of sensitive data)
• Styles, size and colour based on different categories of accidents Eg by vehicle type or age of drivers, etc..
• Print templates, adding corporate logo, scale bars, legend location and north arrow
• Temporary Inclusion of other authority’s collision related data. From within AccsMap users can securely download any mainland authority’s collision data (with associated mapping). This will be used in conjunction with other open data sets based on SOA these include: population, IMD index and traffic flow rates.


Independence of resources The system is built with scalability in mind. At the onset of any contract, an assessment is carried out on the number of users and more than sufficient hardware and software is assigned, including sufficient excess.

The processing and memory demand on the system is continuously monitored and when certain thresholds are reached, decisions are taken to increase capacity. These include a variety of measures such as installing additional RAM and/or hard disk space.

The turnaround time is short due to close physical location of the servers and with the specialist technical staff having pre-qualified access.


Service usage metrics Yes
Metrics types Quarterly reports can be provided upon request and the report contains the following metrics:
-Support incidents
-Service credits
-Maintenance carried out during reporting period
-Scheduled and planned future maintenance
-Availability of service
Reporting types Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Supplier-defined controls
Penetration testing frequency At least once a year
Penetration testing approach In-house
Protecting data at rest Physical access control, complying with another standard
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach At the end of the contract and including at anytime during the contract, designated users are able to export data in standard formats such as MapInfo Tab, MapInfo Midmif, ESRI Shp files. These exports can be saved local networks or on specified FTP sites. These exports can then be imported by other systems for use elsewhere.
Data export formats
  • CSV
  • Other
Other data export formats
  • MapInfo Table .TAB
  • MapInfo Interchange .MID
  • AutoCAD .DXF
  • Tab Delimited ASCII .TXT
  • ESRI Shapefile .SHP
Data import formats Other
Other data import formats
  • MapInfo Table. TAB
  • ESRI Shapefile . SHP

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks IPsec or TLS VPN gateway
Data protection within supplier network IPsec or TLS VPN gateway

Availability and resilience

Availability and resilience
Guaranteed availability Availability is measured as a percentage of the total time in a service period: Service Availability % = (((MP - SD)*100)/MP) where MP = Total number of minutes (derived from Service Core hours), excluding permitted maintenance, within the relevant Service period; and SD = Total number of minutes of Service Downtime, excluding permitted maintenance, in the relevant Service period.

4 days of planned maintenance allowed per year.

Service core hours for Citrix solution - 08:00 to 18:00 from Monday to Friday, excluding bank holidays.

Availability levels will be determined separately for Citrix systems; they will be by calendar months, based upon all accountable downtime (excluding plan maintenance periods). If the levels of availability during the Services Core Hours (eg 08:00am to 18:00pm hosted service, and 9:00 – 17:30 for the Support Desk) for a calendar quarter are below 98%, then a Service Credit shall be payable for a degraded services using calculation below where 1 (one) point equals 1% of the quarters contract value for the support and hosting services:
.> 98.00% O points; 97.00% to 97.99% 1 point; 96.00% to 96.99% 2 points, < 96% 3 Points, then 1 further Point for every other full hour of service unavailability.
Approach to resilience The resilient design of the system is deemed confidential and is available upon request, and as commercial-in-confidence.
Generally, Single points of potential failures have been overcome, with a high degree of dual failsafes such as: Power and comms, firewalls, switches, and servers, allowing for at least two VMs to be provided for each client on different physical hosts. Support desk has back up communication routes in order to protect against any potential loss of their service.
Outage reporting Service outages are reported to designated users of the service by, a) email alerts, b) telephone call and if required c) on the company website.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication Username or password
Access restrictions in management interfaces and support channels For simple support questions through telephone support, the caller needs to provide a name and this is checked against a named user list.

For support requests that are deemed more sensitive, the request must be sent by email and from a client originating email domain.
Access restriction testing frequency At least once a year
Management access authentication
  • 2-factor authentication
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 SGS United Kingdom Limited
ISO/IEC 27001 accreditation date 20/12/2017
What the ISO/IEC 27001 doesn’t cover End user IT infrastructure
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes An information security policy is in place, and is available for inspection upon request. It details:
- information provision
-use, disclosure and publication
-data protection
-retention, review and deletion

-baseline security for data processing personnel
-information security organisation
-assets classification and control
-personnel security
-physical and environmental security
-system access controls
-business continuity planning

The governance structure relating to information security within BC has been implemented and is in place.

Information security is governed through a company hierarchy (Managing Director, ICT and Support manager, Hosting Manager). It is the responsibility of the ICT and Support Manager to draft these policies and manage their deployment. They are reviewed by relevant directors and managers.

All staff are responsible for being aware of the policy and working within its guidelines.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Change control procedures are in place regarding changes to the service which is a managed process for carrying out software updates and security patches:

• Application Software: Planned updates agreed with the customer.
• Operating System Patches: regularly / automatically downloaded. Then reviewed prioritised and if appropriate, installed.
• Quarterly maintenance schedule. Issued annually and agreed with client.

Internal software changes are carried out in-house, with version control and audit trail. Changes tracked to source code.

Hardware configuration is held in-house and updated when required.

Software changes and updates are tested in house prior to ‘going live’.
Vulnerability management type Supplier-defined controls
Vulnerability management approach The managed and considered process for carrying out software updates and security patches:

• Software: Planned updates, as agreed with the customer.
• Operating System Patches: regularly / automatically downloaded. Then reviewed prioritised and if appropriate, installed.

Scheduled tasks are set at regular intervals to assess latest available security updates. These include Microsoft 'patch Tuesday' releases, Cisco security updates, Dell firmware updates and the Citrix site latest hotfixes. Depending on the nature of the updates available these are scheduled and prioritised accordingly.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Protection from untrusted networks by standard boundary controls consistwith perimeter network and intrusion detection systems -Via DMZ controlled access.

All critical infrastructure is monitored using Nagios. Staff alerted as incident occurs and during the working week round the clock coverage is available so that incidents can be address immediately.

Controls protect against malware and viruses. Kaspersky Endpoint Security for Windows installed on every server. Configured to monitor and scan for viruses, worms, Trojans, malicious tools, malware and auto-diallers. Virus definition files are updated every 2 hours. Suspicious/infected files are quarantined and reports are available detailing instances of detection, attack etc.
Incident management type Supplier-defined controls
Incident management approach There are pre-defined and documented processes to deal with common incidents and these include client notification and escalation stages.

Users report incidents by contacting the first line support team either by email or telephone. Alternative contact details (mobile number) are made available in the unlikely event of a complete email service or telephone exchange failure.

Incident reports are provided as part of quarterly reports, available upon request.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks No


Price £131.86 to £2294.53 per person per month
Discount for educational organisations Yes
Free trial available Yes
Description of free trial A demonstration site that can be made available to interested clients for the purposes of trialling most elements of the service.

It includes sample data with pre-configured data, documents and print templates.

Typically limited to one week and up to 3 concurrent evaluators.
Link to free trial Available upon request

Service documents

pdf document: Pricing document pdf document: Service definition document pdf document: Terms and conditions
Service documents
Return to top ↑