Buchanan Cloud Services Accident Analysis
An integrated cloud-based service providing a complete solution to analyse road traffic accidents. Specialist users load and validate data from multiple sources. Validated accidents can then be analysed spatially and based on STATS19 fields providing output in configurable reports and map outputs. Data export options meets DfT requirements.
- Incorporates AccsMap, the UK’s leading accident analysis application
- Designed for ease of use, with CRASH, NICHE load options
- Optimized and comprehensive analytical toolsfor police and local government
- Specialised training and enhanced support services
- Fully managed, resilient, and secure ISO 27001 environment
- Regular system, software, and hardware upgrades and replacements
- Environment attuned providing optimum performance for AccsMap
- Blend of open and proprietary technologies
- Scalable - accommodates any increase in number of users
- Fully supported environment – maintained and monitored by experienced technicians
- Ability to provide, managed, audited, validated collision data
- Analysis for use in justifying economic benefits of remediation works
- Analyse full STATS19 data, alongside related data sets eg population
- Comparative reporting, accessing collision data from other UK authorises
- Transparency, information sharing with residents, councillors, police, fire services
- Centralized service enabling better cross departmental working
- Cost effective, built on blending open and proprietary technologies
- Labour saving tools for fast production of maps and reports.
- Business continuity assured with software upgrades and support
- Support accommodates any statutory changes to STATS19 data structure.
£131.86 to £2294.53 per person per month
- Education pricing available
|Software add-on or extension||No|
|Cloud deployment model||Private cloud|
|Service constraints||Although the service is built to work primarily in a Microsoft Window based environment, it can be accessed via other platforms, such as Android. However, there may be individual applications licencing restraints.|
|Email or online ticketing support||Email or online ticketing|
|Support response times||Initial response is with an automatically-generated ticket number and requests are then prioritised and responded to in accordance with our SLA response times, which range from 30 minutes to 2 working days. Normally, response times are faster. Support desk core hours are 09:00 to 17:30 Monday to Friday (excluding bank holidays), during which time you can call the first line support team.|
|User can manage status and priority of support tickets||No|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||No|
|Onsite support||Yes, at extra cost|
All support queries are chanelled through the support team and are dealt with at the appropriate escalation levels starting with First Line Support -> Support Team Manager -> Product Managers -> Director Level staff.
Support related costs are included in the price regardless of which level the issues are being handled at.
Each client is assigned a technical project manager for the implementation stage, up until user acceptance testing is completed.
Thereafter, the project is assigned to the hosted services support and management team.
|Support available to third parties||Yes|
Onboarding and offboarding
Training is provided to users at the commencement of the contract. Various training courses are delivered to users depending on level of user ranging from a entry level training course, advanced user course and administration level course.
Training can be delivered either a) at Buchanan Computing office in Hammersmith London, or b) onsite at client offices or c) remotely.
Hard copy training manuals and exercises are provided to delegates that attend a training course.
User guides / helps files are provided and are accessible by users through the file menu.
|Other documentation formats||CHM|
|End-of-contract data extraction||At the end of the contract and including at anytime during the contract, designated users are able to export data in standard formats such as MapInfo Tab, MapInfo Midmif, ESRI Shp files. These exports can be saved local networks or on specified FTP or SFTP sites. These exports can then be imported by other systems for use elsewhere.|
One month prior to the end of the contract, users will be notified that the contract will be coming to an end. Designated users will be advised to carry out an export and copy all data that has been generated during the contract to local networks or FTP/SFTP site. At the end of the contract date, all user logins will be deactivated.
Other associated such as base-mapping and address gazetteers will be provided back to the client in the standard/native format.
There are no additional costs for supplying the data to the client at the end of the contract into the above mentioned standard formats. Costs may apply if the client requires data to be provided in the other formats.
Using the service
|Web browser interface||Yes|
|Application to install||Yes|
|Compatible operating systems||Windows|
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||Mobile service is for disseminating data, and as such is read-only, with very limited editing abilities.|
|Description of customisation||
Designated users, such as a supervisor or system administrator are able to customise the core element of the solution relating to accident analysis and make adaptations to meet the requirement of the clients.
Areas that can be customised include, but are not limited to:
• Flexible reporting
• Export formats (eg exclusion of sensitive data)
• Styles, size and colour based on different categories of accidents Eg by vehicle type or age of drivers, etc..
• Print templates, adding corporate logo, scale bars, legend location and north arrow
• Temporary Inclusion of other authority’s collision related data. From within AccsMap users can securely download any mainland authority’s collision data (with associated mapping). This will be used in conjunction with other open data sets based on SOA these include: population, IMD index and traffic flow rates.
|Independence of resources||
The system is built with scalability in mind. At the onset of any contract, an assessment is carried out on the number of users and more than sufficient hardware and software is assigned, including sufficient excess.
The processing and memory demand on the system is continuously monitored and when certain thresholds are reached, decisions are taken to increase capacity. These include a variety of measures such as installing additional RAM and/or hard disk space.
The turnaround time is short due to close physical location of the servers and with the specialist technical staff having pre-qualified access.
|Service usage metrics||Yes|
Quarterly reports can be provided upon request and the report contains the following metrics:
-Maintenance carried out during reporting period
-Scheduled and planned future maintenance
-Availability of service
|Reporting types||Reports on request|
|Supplier type||Not a reseller|
|Staff security clearance||Other security clearance|
|Government security clearance||Up to Security Clearance (SC)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||United Kingdom|
|User control over data storage and processing locations||No|
|Datacentre security standards||Supplier-defined controls|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||In-house|
|Protecting data at rest||Physical access control, complying with another standard|
|Data sanitisation process||Yes|
|Data sanitisation type||Explicit overwriting of storage before reallocation|
|Equipment disposal approach||Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001|
Data importing and exporting
|Data export approach||At the end of the contract and including at anytime during the contract, designated users are able to export data in standard formats such as MapInfo Tab, MapInfo Midmif, ESRI Shp files. These exports can be saved local networks or on specified FTP sites. These exports can then be imported by other systems for use elsewhere.|
|Data export formats||
|Other data export formats||
|Data import formats||Other|
|Other data import formats||
|Data protection between buyer and supplier networks||IPsec or TLS VPN gateway|
|Data protection within supplier network||IPsec or TLS VPN gateway|
Availability and resilience
Availability is measured as a percentage of the total time in a service period: Service Availability % = (((MP - SD)*100)/MP) where MP = Total number of minutes (derived from Service Core hours), excluding permitted maintenance, within the relevant Service period; and SD = Total number of minutes of Service Downtime, excluding permitted maintenance, in the relevant Service period.
4 days of planned maintenance allowed per year.
Service core hours for Citrix solution - 08:00 to 18:00 from Monday to Friday, excluding bank holidays.
Availability levels will be determined separately for Citrix systems; they will be by calendar months, based upon all accountable downtime (excluding plan maintenance periods). If the levels of availability during the Services Core Hours (eg 08:00am to 18:00pm hosted service, and 9:00 – 17:30 for the Support Desk) for a calendar quarter are below 98%, then a Service Credit shall be payable for a degraded services using calculation below where 1 (one) point equals 1% of the quarters contract value for the support and hosting services:
.> 98.00% O points; 97.00% to 97.99% 1 point; 96.00% to 96.99% 2 points, < 96% 3 Points, then 1 further Point for every other full hour of service unavailability.
|Approach to resilience||
The resilient design of the system is deemed confidential and is available upon request, and as commercial-in-confidence.
Generally, Single points of potential failures have been overcome, with a high degree of dual failsafes such as: Power and comms, firewalls, switches, and servers, allowing for at least two VMs to be provided for each client on different physical hosts. Support desk has back up communication routes in order to protect against any potential loss of their service.
|Outage reporting||Service outages are reported to designated users of the service by, a) email alerts, b) telephone call and if required c) on the company website.|
Identity and authentication
|User authentication needed||Yes|
|User authentication||Username or password|
|Access restrictions in management interfaces and support channels||
For simple support questions through telephone support, the caller needs to provide a name and this is checked against a named user list.
For support requests that are deemed more sensitive, the request must be sent by email and from a client originating email domain.
|Access restriction testing frequency||At least once a year|
|Management access authentication||
Audit information for users
|Access to user activity audit information||Users contact the support team to get audit information|
|How long user audit data is stored for||User-defined|
|Access to supplier activity audit information||Users contact the support team to get audit information|
|How long supplier audit data is stored for||At least 12 months|
|How long system logs are stored for||At least 12 months|
Standards and certifications
|ISO/IEC 27001 certification||Yes|
|Who accredited the ISO/IEC 27001||SGS United Kingdom Limited|
|ISO/IEC 27001 accreditation date||20/12/2017|
|What the ISO/IEC 27001 doesn’t cover||End user IT infrastructure|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||No|
|Named board-level person responsible for service security||Yes|
|Security governance certified||Yes|
|Security governance standards||ISO/IEC 27001|
|Information security policies and processes||
An information security policy is in place, and is available for inspection upon request. It details:
- information provision
-use, disclosure and publication
-retention, review and deletion
-baseline security for data processing personnel
-information security organisation
-assets classification and control
-physical and environmental security
-system access controls
-business continuity planning
The governance structure relating to information security within BC has been implemented and is in place.
Information security is governed through a company hierarchy (Managing Director, ICT and Support manager, Hosting Manager). It is the responsibility of the ICT and Support Manager to draft these policies and manage their deployment. They are reviewed by relevant directors and managers.
All staff are responsible for being aware of the policy and working within its guidelines.
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||
Change control procedures are in place regarding changes to the service which is a managed process for carrying out software updates and security patches:
• Application Software: Planned updates agreed with the customer.
• Operating System Patches: regularly / automatically downloaded. Then reviewed prioritised and if appropriate, installed.
• Quarterly maintenance schedule. Issued annually and agreed with client.
Internal software changes are carried out in-house, with version control and audit trail. Changes tracked to source code.
Hardware configuration is held in-house and updated when required.
Software changes and updates are tested in house prior to ‘going live’.
|Vulnerability management type||Supplier-defined controls|
|Vulnerability management approach||
The managed and considered process for carrying out software updates and security patches:
• Software: Planned updates, as agreed with the customer.
• Operating System Patches: regularly / automatically downloaded. Then reviewed prioritised and if appropriate, installed.
Scheduled tasks are set at regular intervals to assess latest available security updates. These include Microsoft 'patch Tuesday' releases, Cisco security updates, Dell firmware updates and the Citrix site latest hotfixes. Depending on the nature of the updates available these are scheduled and prioritised accordingly.
|Protective monitoring type||Supplier-defined controls|
|Protective monitoring approach||
Protection from untrusted networks by standard boundary controls consistwith perimeter network and intrusion detection systems -Via DMZ controlled access.
All critical infrastructure is monitored using Nagios. Staff alerted as incident occurs and during the working week round the clock coverage is available so that incidents can be address immediately.
Controls protect against malware and viruses. Kaspersky Endpoint Security for Windows installed on every server. Configured to monitor and scan for viruses, worms, Trojans, malicious tools, malware and auto-diallers. Virus definition files are updated every 2 hours. Suspicious/infected files are quarantined and reports are available detailing instances of detection, attack etc.
|Incident management type||Supplier-defined controls|
|Incident management approach||
There are pre-defined and documented processes to deal with common incidents and these include client notification and escalation stages.
Users report incidents by contacting the first line support team either by email or telephone. Alternative contact details (mobile number) are made available in the unlikely event of a complete email service or telephone exchange failure.
Incident reports are provided as part of quarterly reports, available upon request.
|Approach to secure software development best practice||Conforms to a recognised standard, but self-assessed|
Public sector networks
|Connection to public sector networks||No|
|Price||£131.86 to £2294.53 per person per month|
|Discount for educational organisations||Yes|
|Free trial available||Yes|
|Description of free trial||
A demonstration site that can be made available to interested clients for the purposes of trialling most elements of the service.
It includes sample data with pre-configured data, documents and print templates.
Typically limited to one week and up to 3 concurrent evaluators.
|Link to free trial||Available upon request|