AVR Group Limited

Multi Agency Incident Transfer Hub

Managed Multi Agency Incident Transfer (MAIT) Hub enabling emergency services to securely transfer incident data between command and control systems.

Features

  • High availability service with no single points of failure
  • Public Service Network (PSN) connected for resilience & security
  • Two independent geographically separated hubs
  • Complies with MAIT Standard Version 1.0.0
  • Designed to accept messages from other MAIT compliant routers/hubs
  • Data hosted and processed in secure UK locations

Benefits

  • Improved operational efficiency
  • Rapid incident transfer between CAD systems
  • Exchange between multiple agencies
  • Accuracy & timeliness facilitates more informed decision making
  • Enhanced shared situational awareness
  • Secure & reliable
  • Cost effective

Pricing

£850.00 to £2,250.00 a user a month

  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at paul.miller@monitoring.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

4 5 5 3 0 5 1 9 2 4 9 9 2 2 5

Contact

AVR Group Limited Paul Miller
Telephone: 03332223998
Email: paul.miller@monitoring.co.uk

Service scope

Software add-on or extension
No
Cloud deployment model
Private cloud
Service constraints
There are no known constraints
System requirements
  • MAIT version 1.0.0 compliant connected system
  • Any currently supported web browser

User support

Email or online ticketing support
Email or online ticketing
Support response times
Support questions replied to within 1 hour 24 x 7 x 365
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
Level 1 telephone support 24 x 7 x 365
Level 2 technical support 08:00 - 18:00 Monday - Friday excluding public holidays
Level 3 advanced support 08:00 - 18:00 Monday - Friday excluding public holidays

All levels of support are included with standard pricing. Level 2 and 3 support are provided by cloud support engineers
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Any user with a MAIT standard version 1.0.0 compliant command and control system interface may use the service. User documentation explains how to connect to the AVR MAIT Hubs and onsite support is available if required
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
Not applicable - the MAIT hub does not store user data
End-of-contract process
At the end of the contract services are terminated without additional cost.

Using the service

Web browser interface
Yes
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
No
Designed for use on mobile devices
No
Service interface
Yes
Description of service interface
MAIT version 1.0.0 compliant interface required
Accessibility standards
None or don’t know
Description of accessibility
N/A Service interface is Command & Control system provided by others
Accessibility testing
N/A - Service interface is Command & Control system provided by others
API
Yes
What users can and can't do using the API
API enables the exchange of MAIT version 1.0.0 compliant messages
No changes possible
API documentation
Yes
API documentation formats
PDF
API sandbox or test environment
Yes
Customisation available
No

Scaling

Independence of resources
Individual user incident transfer rate is monitored and regulated to ensure that high demand from any user is unable to affect the service to other users.

Analytics

Service usage metrics
Yes
Metrics types
Number of incident messages transferred or rejected within the reporting period
Message transfer times - average and longest
MAIT hub system availability within the reporting period
Reporting types
Real-time dashboards

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
No
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
Physical access control, complying with another standard
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
Not applicable - the MAIT hub does not store user data
Data export formats
Other
Other data export formats
N/A - the MAIT hub does not store user data
Data import formats
Other
Other data import formats
N/A - the MAIT hub does not upload user data

Data-in-transit protection

Data protection between buyer and supplier networks
Private network or public sector network
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
AVR MAIT Hub service has been designed for 99.99% availability calculated for each calendar month. In availability during any calendar month is less than 99.95% a refund of 10% of the monthly service charge will be made for each 1% or part of 1% of the reduced availability. The maximum user refund will be the entire monthly service charge for the month when the reduced availability occurred. Any period of unavailability due to notified planned maintenance is excluded from the above guarantee.
Approach to resilience
AVR MAIT hubs are located at independent sites with diverse connectivity. Our business continuity management system is operated and certified to ISO 22301:2019. Further details are available on request.
Outage reporting
Any outages are reported on a service user dashboard. Users may optionally register for email alerts.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Limited access network (for example PSN)
Access restrictions in management interfaces and support channels
Permission based authentication based on roles
Access restriction testing frequency
At least every 6 months
Management access authentication
2-factor authentication

Audit information for users

Access to user activity audit information
You control when users can access audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
You control when users can access audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
Alcumus ISOQAR Limited
ISO/IEC 27001 accreditation date
Registration date 17/11/2011 - Expiry date 17/11/2020
What the ISO/IEC 27001 doesn’t cover
Any activity that is not included in the Statement of Applicability
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
Yes
Any other security certifications
  • PSN connection compliance certification
  • Cyber Essentials Plus certification

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
HMG Security Policy Framework and PSN compliance requirements. Policies are audited within our ISO 27001 Information Security Management System (ISMS) and annual re-assessment for PSN compliance. Reporting structure is defined within ISO 27001 ISMS and has the active involvement of senior management and AVR Group SIRO.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
Service components are continually reviewed throughout their lifetime to identify when it may be appropriate to deploy new components or to bring new or changed IT services into operation. Changes are planned and managed to minimize risk and to ensure optimal service availability and performance. All changes are assessed for potential security impact in accordance with our ISO27001 certified Information Security Management System and subject to penetration testing by an independent CREST accredited tester where appropriate.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Continual process to identify, evaluate, mitigate and reporting on security vulnerabilities. Hardware and software assets are scanned with vulnerability checkers and any detected vulnerabilities mitigated. Windows Server Update Services runs automatically to manage the update of Microsoft products. Vulnerability checkers provide a unified view of the state of all assets, run compliance scans and system and network vulnerability scans. Patches are deployed as soon as practicable.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Firewalls include intrusion protection, detection and reporting to assist with network-based monitoring. Email appliances provide advanced protection against spam and phishing attacks and web appliances monitor and report potential compromise attempts. Anti-malware software continually scans the network removing and reporting on any malware. Reports of any potential compromises are monitored and responded to 24 x 7 x 365.

website connections and DNS requests. This can assist in identifying mobile devices that may have connected to malicious sites by, for example, clicking a phishing link or downloading a malicious file. More advanced features can also include signature or heuristic-based detection techniques.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Any identified incidents are reported by users or own own personnel to our 24 x 7 x 365 incident management centre where they are logged before being passed to our technical team for investigation. As events are very infrequent there are no pre-determined processes, technicians escalate to management or senior colleagues if required and report in accordance with our ISO 27001 Information Security Management system

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
Yes
Connected networks
  • Public Services Network (PSN)
  • Police National Network (PNN)

Pricing

Price
£850.00 to £2,250.00 a user a month
Discount for educational organisations
No
Free trial available
Yes
Description of free trial
The service may be evaluated free of charge for 14 days, there are no charges for any incidents transferred during this period however the set-up fee is payable as is any consultancy/implementation support required.

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at paul.miller@monitoring.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.