Atos IT Services UK Ltd

Atos Operational Services; Multi Agency Incident Transfer (MAIT) Router

Atos’ Multi Agency Incident Transfer (MAIT) Router, is a cloud service designed to securely route MAIT Standards compliant incident data between Computer Aided Dispatch (CAD) systems in the contact centres and control rooms of emergency services authorities and other relevant users.


  • High Availability with hot standby Disaster Recovery fallback
  • Message volume and number of connected entities are completely scalable
  • Error handling built in for malformed or un-routable messages
  • Uses British APCO approved XML schema validation-MAIT1c and MAIT1d
  • Supports TCP/IP 1.2 and HTTPS SOAP connections
  • Minimal set up via VPN client
  • Hosted in the UK Azure cloud instances
  • Comprehensive audit capability for fault finding investigations and evidence gathering
  • Simple flat fee pricing structure/agreed volume–easy to upgrade
  • Supported by experienced Service Desk operating in line with ITIL


  • Life-saving–allowing faster deployment of emergency services assets
  • Efficient–freeing up contact centre time to handle more calls
  • Cost effective–reduces ISP charges to a single Internet connection
  • Easy interaction between emergency CADs
  • Less prone to inaccurate information being pass between CAD’s


£2500 per instance

  • Free trial available

Service documents


G-Cloud 11

Service ID

4 1 4 3 6 4 8 9 5 3 6 9 3 4 9


Atos IT Services UK Ltd

Louise Haggart


Service scope

Service scope
Software add-on or extension No
Cloud deployment model Public cloud
Service constraints The Atos MAIT Router has no known constraints.
System requirements Ability to deploy small footprint VPN client into users CAD

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Service support is available 8am-6pm 5 days a week and out of hours for Priority 1 incidents.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support No
Support levels Level 1 telephone support 24/7/365.
Level 2 engineering support 8am – 6pm Monday-Friday.
Level 3 code level product support 8am – 6pm Monday-Friday.

All included with standard pricing.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Engineering support is available to trial the service, set up testing and troubleshoot connectivity to prove the service prior to switching to production environment.
Service documentation Yes
Documentation formats
  • ODF
  • PDF
  • Other
Other documentation formats MS Word
End-of-contract data extraction Not necessary, the service does not store client data.
End-of-contract process The routing service stops, no additional charge.

Using the service

Using the service
Web browser interface No
Application to install Yes
Compatible operating systems
  • Linux or Unix
  • Windows
Designed for use on mobile devices No
Service interface Yes
Description of service interface Supports TCP/IP 1.2 and HTTPS SOAP connections for easy connectivity.
Accessibility standards None or don’t know
Description of accessibility Users are not required to interface with this service, it is a system to system routing technology.
Accessibility testing Users are not required to interface with this service, it is a system to system routing technology.
What users can and can't do using the API Users are not required to interface with this service, it is a system to system routing technology.
API documentation Yes
API documentation formats
  • ODF
  • PDF
  • Other
API sandbox or test environment Yes
Customisation available No


Independence of resources The service scales automatically in line with demand, it is a feature of the cloud based architecture behind the service.


Service usage metrics Yes
Metrics types Number of messages routed and rejected in the reporting period.
Number of incidents raised and their resolution status.
Reporting types Regular reports


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Managed by a third party
Penetration testing frequency At least once a year
Penetration testing approach ‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest Other
Other data at rest protection approach Data does not “rest” in the system, it is received and routed to a destination and stored only momentarily for the purpose of format checking before being overwritten.
Data sanitisation process No
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach Data export is not applicable to this service
Data export formats
  • CSV
  • Other
Other data export formats MS Excel
Data import formats Other

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
Other protection between networks The application we provide to the client creates a VPN back to the MAIT hub in Azure, Atos also manage the hub in Azure via a VPN connection.
Data protection within supplier network Other
Other protection within supplier network No client data touches the Atos network

Availability and resilience

Availability and resilience
Guaranteed availability The solution is based upon Azure Cloud with resilience built into the solution. SLA’s on compute mirror that of Microsoft Azre
Approach to resilience Dual redundant systems with automatic failover – further details on request.
Outage reporting If the router and its hot standby failed then receipts for messages sent would be generated and senders would hence be aware of the fault.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
Access restrictions in management interfaces and support channels Only relevant security checked staff are able to support CDC using specifically secured support laptops. These use two factor authentication with strict password policies.
Access restriction testing frequency At least once a year
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)

Audit information for users

Audit information for users
Access to user activity audit information You control when users can access audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information You control when users can access audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 Ernst & Young - CentrePoint
ISO/IEC 27001 accreditation date 11/12/2017
What the ISO/IEC 27001 doesn’t cover Anything not explicitly declared in the Statement of Applicability.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards
  • CSA CCM version 3.0
  • ISO/IEC 27001
Information security policies and processes Group wide and local in country security policies as referenced from our Information Security Management System operated in accordance with and certified under ISO27001.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach Atos operates a full ITIL compliant change process including configuration management, security management and release management.

All changes are assessed for potential security impact and tested with external penetration tests being commissioned for any material security impacting change for external validation.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach Software is maintained within N-1 of latest versions using quarterly patch releases.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach All data in encrypted at rest, only approved compute can communicate between each other. Standard Azure monitoring and alerting is placed within the solution notifying our support team
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach Incidents whether system-generated or user reported are recorded by the first line service desk where they are triaged. P1 incidents get an immediate response, all other incidents are responded to next working day.

Incident reporting is covered under monthly service reporting.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks No


Price £2500 per instance
Discount for educational organisations No
Free trial available Yes
Description of free trial Atos are happy to discuss the specific needs of individual potential customers and support trials of bounded scope and effort .

Service documents

Return to top ↑