Airbus Defence and Space Limited

Airbus Information on Demand Services: WMS / WMTS / WFS / APIs

To facilitate the efficient delivery of geospatial data, Airbus provides OGC and INSPIRE compliant WMS, WMTS and WFS web services and APIs. Our web services are delivered from our secure in-house UK hosting facility.


  • Customer data hosting and management including Change Only Update
  • High volume service capability
  • Robust SLA with high service availability
  • Best of breed technology components including Open Source technology
  • Management and reporting analytics
  • Service includes support and management
  • Options for UK based owned datacentre and/or public cloud hosting


  • Common data maintained centrally, saving duplication of resource efforts
  • Automated data supply and order fulfilment available 24/7
  • Full audit trail and management statistics for accountability
  • Managed data distribution costs
  • Reduced data distribution costs
  • Role based user management controls meaning data sharing with confidence


£112.50 per unit per month

  • Free trial available

Service documents

G-Cloud 10


Airbus Defence and Space Limited

Airbus Customer Service Operation Centre

+44 (0) 1633715000

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Private cloud
Service constraints No, there are no constraints. A notification is provided if there is planned maintenance scheduled with 5 days advance notice.
System requirements Requires a OGC client to access OGC services

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Response times are based on severity and are determined by your requirements as defined in the Service Level Agreement during contractual discussions. We recognise the unique needs of each individual customer and strive to accommodate, where possible, all of your requirements in relation to answering your support questions and resolving with the tickets you raise. This could include weekend support or 24/7 support if required. Response times offered range from 1 hour to 8 hours.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility WCAG 2.0 A
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels Phone and email service support as well as access to 24/7 ticket logging is included in the prices listed in the Pricing document. A submitted issue or a query can be allocated a priority with different levels of response. Extended support options, which can be tailored to customer requirements, are not included but are available on request. Prices for the extended support options will be negotiated with the customer, with technical support based on the SFIA Rate Card.  Airbus will provide an Account Manager for both managing the relationship with the customer and as a means of escalation.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Designed to be intuitive with on-site training, user documentation, customised training, FAQs and help documentation.
Service documentation Yes
Documentation formats
  • HTML
  • ODF
  • PDF
End-of-contract data extraction Upon conclusion of the service, the following will occur:
• Arrangements are made with the customer to transfer back the latest versions of all data content if required.
• The data will be transferred using an agreed delivery mechanism based on customer requirements.
• All user accounts and data owned by the customer will be deleted.
• Data logs related to usage of the service during the contracted period will also be returned to the customer if required, together with agreed relevant audit trail information.
End-of-contract process Prior to contract expiry we will discuss with the customer their future requirements. If this is to extend the contract term we will support the customer during their procurement process. If the requirement is to cease, or transition the service we will fulfill our obligations as described within the contract. This could include, but is not limited to, removal of all live data and the storage of archived data for a pre-defined period. All end-of-contract support will be discussed during contract negotiations

Using the service

Using the service
Web browser interface No
Application to install No
Designed for use on mobile devices No
Accessibility standards None or don’t know
Description of accessibility This service is accessed through applications and software that support OGC standards. OGC standards do not support accessibility standards.
Accessibility testing None
What users can and can't do using the API Users may be able to access the API via a URL with a set of defined parameters. A JSON response will be returned with the search terms supplied for reference and diagnostics. When not supplied, search term elements will be omitted from the JSON response.
API documentation Yes
API documentation formats PDF
API sandbox or test environment No
Customisation available No


Independence of resources Performance is ensured through the use of load balancer technology, duplication of server resources in server farms, provision of substantial internet bandwidth and continuous service monitoring.


Service usage metrics Yes
Metrics types All incoming/outgoing traffic is logged so we can report many metrics including number of requests, number of requests by type, number and identity (username) of users/companies making the requests, daily/weekly/monthly/annual usage, datasets being requested, orders placed, spatial location and extents of requests and so on.
Reporting types
  • Regular reports
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations Yes
Datacentre security standards Supplier-defined controls
Penetration testing frequency At least once a year
Penetration testing approach ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process No
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach View and download data through OGC services
Data export formats Other
Other data export formats
  • JPEG
  • TIFF
  • PNG
  • GML
  • HTML
  • XML
  • ASCII text file
  • JSON
Data import formats Other
Other data import formats
  • JPEG
  • TIFF
  • PNG
  • GML
  • HTML
  • XML
  • ASCII text file
  • GDB

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network Legacy SSL and TLS (under version 1.2)

Availability and resilience

Availability and resilience
Guaranteed availability Our standard service availability is 99% but enhanced service availability can be provided to meet your requirements, on request.
Whilst there is currently no service credit policy for our services, if service credits are required then Airbus would be happy to discuss this on a case by case basis.
Approach to resilience Resilience is ensured through the use of load balancer technology, duplication of server resources, redundant internet connectivity, power protection (UPS) and managed RAID storage.
Outage reporting Customers are notified in advance via email of any scheduled maintenance on the service. For a non-scheduled outage, all affected customers are immediately notified via an email alert.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Username or password
Access restrictions in management interfaces and support channels Full user authentication if required and managed firewalls
Access restriction testing frequency At least every 6 months
Management access authentication Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users receive audit information on a regular basis
How long user audit data is stored for User-defined
Access to supplier activity audit information Users receive audit information on a regular basis
How long supplier audit data is stored for User-defined
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 BSI
ISO/IEC 27001 accreditation date 23/04/2018
What the ISO/IEC 27001 doesn’t cover This service is managed by the Airbus Defence and Space Intelligence (UK) Programme Line. This certification information is for Airbus Defence and Space Intelligence (UK) with offices in Guildford, Leicester, Newcastle and Newport. Any services outside of Intelligence (UK) are not covered by this certification.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications Cyber Essentials Plus

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards Cyber Essentials Plus
Information security policies and processes Airbus is committed to providing good security practices, our IT infrastructure and access controls were put together following the guidelines and good practice of ISO 27002:2013, Code of Practice for Information Security Management and is compliant with the requirements of ISO 27001:2013. The Information Security Management System (ISMS) covers interlinked processes controlled by an IS Policy, covering:

* Physical and Environmental security on access control to buildings and restricted areas,
* Communications and operations of computer systems and network facilities,
* Preservation of data,
* Asset management with levels of protection,
* Information Security Incident management and reporting
* Compliance to data and information regulations
* Electronic Commerce Services
* Personnel Security Responsibilities and Information Security training
* Information System Acquisition and Development
* Business Continuity and Disaster Recovery Plan

The ISMS is the responsibility of the Deputy Managing Director in close liaison with the Security Council made up of IT personnel, Security and Quality Assurance Managers. The objective being to maintain, develop and keep secure the information Assets in accordance with Security Policy requirements and the needs of the business and Customers. This includes availability, capacity, business continuity and security monitoring and policy.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Airbus’s well-defined process evaluates changes in order to prevent unintended incidents affecting the quality and security of our services. One key element is the consideration of security implications whereby we follow standard methods and procedures to assess and resolve any risks. The Change Management process is regularly audited internally against ISO9001 and ISO27001 to ensure it continually meets these standards. Airbus’s Configuration Management Plan identifies responsibilities and procedures, as well as technical baselines and configuration data that are to be established and maintained. The Release/Configuration Manager records what is deployed and where, and manages the versioning of all Configuration Items.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Airbus has a vulnerability management framework that will be customised for G Cloud requirements. Regular patching forms part of the overall process, information / alerts on potential threats will be provided by the relevant software vendors RedHat, Microsoft, GovCERT etc. On identification of a potential technical vulnerability, a vulnerability risk assessment is to be carried out to determine which systems are affected, the likely impact upon each and the actions or controls that are available to mitigate the associated risks. Addressing of any potential technical vulnerability is to be proportionate and timely.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Airbus will work with the customer to establish protective monitoring controls relevant to the service or solution provided. An industry standard security information and event management package will deployed to gather and analyse the collected log/event information against the protective monitoring controls. Altering or reporting of any incidents detected will also be defined and agreed with the customer.
Ensuring the correct protective monitoring controls are defined and managed over time is key to the operation of the protective monitoring system.
Incident management type Supplier-defined controls
Incident management approach All Security incidents are promptly reported via the BMS incident tool. The Security Council with the appropriate service team:

• initiate collection of evidence
• investigate incident;
• ensure that incident is clearly identified;
• document incident and its handling/resolution
• implement necessary immediate corrective action
• escalate within the company or to a corporate level as appropriate;
• escalate to customers or clients as appropriate;
• identify any preventive measures to be considered;
• make sure incident is reported at next meeting of the Security Council.
• inform those involved with the incident of the outcome of the investigation

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks No


Price £112.50 per unit per month
Discount for educational organisations No
Free trial available Yes
Description of free trial If you would like to carry out a trial of our service, please contact us to discuss your individual requirements.


Pricing document View uploaded document
Skills Framework for the Information Age rate card View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑