PADAM MOBILITY

Demand Responsive Transport Software

Padam Mobility designs and develops smart and dynamic Demand-Responsive Transport solutions using foolproof routing algorithms.

Our mobile apps, simulation and management interfaces are tailored to the needs of our customers: Transit Operators, Transport and Local authorities, private companies, in the interest of users and territories.

Features

  • Demand Responsive Transport Alogrithm
  • Demand Reponsive Transport Application
  • Demand Responsive transport management
  • Demand Responsive transport service design
  • Real time and advance booking
  • Rural Mobility solution
  • Multi-territory DRT platform
  • SEND DRT solution
  • DRT dirver applications
  • Public Transport optimisation

Benefits

  • Public Transport optimisation
  • Real time and advance booking
  • Public Transport Cost optimisation
  • Routing optimisation
  • White lable user application
  • Book a public transport in real time
  • Support of public transport public expert for service design
  • Full integration with existing network
  • Real time traveler informations
  • Payment modules integration

Pricing

£1,000 a licence a month

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at david@padam.io. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

4 4 1 1 3 1 8 6 8 4 7 3 3 1 0

Contact

PADAM MOBILITY David Carnero
Telephone: 0033770275009
Email: david@padam.io

Service scope

Software add-on or extension
No
Cloud deployment model
Private cloud
Service constraints
No specific constraints. Operating under a SaaS model
System requirements
Androïd tablets for driver application

User support

Email or online ticketing support
Email or online ticketing
Support response times
The Solution will be available on a monthly basis of 99.9% Working Hours.
The calculation of this availability rate does not include scheduled maintenance periods and service
interruptions due to a Force Majeure Event.
In the event of an Error, the Client may open an Error ticket with the Provider's Support Service, which
will intervene and resolve the Error under the conditions defined below.
Blocking error : within 5 business hours
Major error : within 2 business days
Minor error : within 3O business days

The Support Service is only available during Business Hours
User can manage status and priority of support tickets
No
Phone support
No
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
We provide First level online support which is included in our offer
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Padam Mobility can provide full onsite or online training (as well as tailored change management strategy if needed) thanks to our dedicated training team.

Padam mobility can provide extensive documentation to its customer as well as an online support platform with FAQ and documentation available 24/7
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
When a contract ends Padam Mobility send the relevant datas back to the customer and destroy remaining datas in agreement with the customer
End-of-contract process
N/A

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
Yes
Compatible operating systems
  • Android
  • IOS
  • MacOS
  • Windows
  • Windows Phone
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Desktop services :
- Booking website
- Management interface for local authorities/operators

Mobile service :
- Native application for mobile devices
Service interface
No
API
Yes
What users can and can't do using the API
User can access services through or APIs but can't make any change
API documentation
Yes
API documentation formats
Open API (also known as Swagger)
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
User can ask for customisation which could be then be develop by Padam's team

Scaling

Independence of resources
Infrastructure is dedicated for each of our customer, so that errors are not propagated. Database is powered by AWS RDS, set up with a redundant database to automatically take over if needed. Backups are automatic and allow restoring at any second for the previous 10 days. As a redundant measure, we manually backup the database 5 X day to another AWS service and keep them for the previous 5 days. We use a minimum of 2 application servers per customer and scale them according to demand. one server fail, another one is automatically launched. Servers are created in various datacenters.

Analytics

Service usage metrics
Yes
Metrics types
Padam provides an access to a dedicated Power BI dashboard with more than 50 metrics available :

Real-time monitoring for reactivity in case of hazards
A posteriori analysis of operations for capacity adaptation
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
European Economic Area (EEA)
User control over data storage and processing locations
Yes
Datacentre security standards
Supplier-defined controls
Penetration testing frequency
At least every 6 months
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
In-house destruction process

Data importing and exporting

Data export approach
Users exports their data into according format during set-up phase via "Wrike". Padam Mobility project management tools usually under an Excel or CSV format
Data export formats
  • CSV
  • ODF
Data import formats
  • CSV
  • ODF

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
We offer first level SLA
Approach to resilience
Our system is as much redundant as possible:
- Infrastructure is dedicated for each of our customer, so that errors are not propagated
- Database is powered by AWS RDS, set up with a redundant database to automatically take over in case of need. Backups are done automatically and allow restoring at any second for the previous 10 days. As a redundant measure, we manually backup the database 5 times a day to another AWS service (encrypted of course) and keep them for the previous 5 days.
- We use a minimum of 2 application servers per customer and scale them according to demand. Should one server fail, another one is automatically launched. Servers are created in various datacenters.
- Configuration is saved in multiple places so that there’s no loss
Outage reporting
Email Alerts and through the management interface

Identity and authentication

User authentication needed
Yes
User authentication
Username or password
Access restrictions in management interfaces and support channels
For the management, we have created multiple different profiles to restrict actions: for instance, call center personnel may only book for a customer but wouldn’t change the service design. In fact, call center personnel do not have to the management interface but use a dedicated version of consumer booking website so that they are restricted .In the management interface, one can be restricted, for instance, to only display the service as designed, but not edit it. When setting up the permissions, we ask our customers to restrict as much as possible the rights given to each account.
Access restriction testing frequency
At least every 6 months
Management access authentication
Username or password

Audit information for users

Access to user activity audit information
Users receive audit information on a regular basis
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users receive audit information on a regular basis
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
No
Security governance approach
Tech team board is in charge of security governance policy
Information security policies and processes
Our CTO is in charge of the security policies and we have security guidelines, charter and documents available upon request

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Production infrastructure is entirely located on AWS datacenters.
Computers of employees having access to data are encrypted, and formatted when recycling is needed.
We are building on a secure framework (Django) and we validate user input and actions according to best security practices and user rights.
Our code is tagged in our versionning tool so that we can always be sure of the deployed version.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Penetration tests have already been conducted, which have confirmed the general quality of the system. Fixes have been developed to correct the vulnerabilities identified in the penetration tests according to their criticity.
We use a ticketing system to follow and ensure changes are pushed to production in a timely way. We take great care into not breaking retro-compatibility or offering an update path to the users.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Security events are collected into logs and analysed manually.
A part of our infrastructure is meant to react automatically to attacks: traffic is monitored and would raise alert above a certain level; calls to APIs are volume restricted and would be blocked above a certain threshold; user accounts are locked if too many signin errors happen
Incident management type
Supplier-defined controls
Incident management approach
Should a security incident happen, we would create a team on the spot dedicated to it.According to the attack vector, we would prevent access to the affected area: it it’s a network attack, we would remove all active servers and create new ones, as we think the most urgent action is too remove attacker access to our network.
If the breach is in our apis, we will try to be as invisible as possible and only work on affected APIs if possible. In the last extremity, we would shut down some part of our service while fixing the breach.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
No

Pricing

Price
£1,000 a licence a month
Discount for educational organisations
No
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at david@padam.io. Tell them what format you need. It will help if you say what assistive technology you use.