thinkWhere Limited

Cloud GIS Data Services (Environmental Designations and Constraints data)

GIS Data Services providing access to a wide range of third party environmental designations and constraints data via industry standard web services for consumption in web mapping&desktop GIS applications eg. QGIS. Distribution of high-quality map data across an organisation.No need to store/manage large local copies of data in-house=low overhead/cost-effective alternative.


  • All products updated in line with supplier release schedule
  • Compatible with OGC compliant software
  • Easy to deploy
  • Fast and reliable service
  • Supported by specialist GIS professionals
  • Optional vector data download service available
  • Access to a wide range of environmental designations/constraints data
  • Available in BNG/Web Mercator projections as OGC compliant WMS/WMTS


  • No need to store digital geospatial data locally
  • No need to maintain environmental designations and constraints data in-house
  • Performant services covered by thinkWhere SLA
  • Make map data available anywhere
  • Everyone within your organisation uses same version of maps/data


£1500 to £20000 per unit per year

  • Free trial available

Service documents

G-Cloud 11


thinkWhere Limited

Alan Moore

01786 476060

Service scope

Service scope
Service constraints Planned maintenance will be undertaken without disruption to live services. However, in the unlikely event that maintenance may affect live services, a maintenance period will be scheduled and communicated to customers in advance.
System requirements Ability to consume standards compliant HTTPS data feeds

User support

User support
Email or online ticketing support Email or online ticketing
Support response times ThinkWhere provide a monitored Service Desk available from 08:30 to 17:30 Monday to Friday with the exception of Christmas Day, Boxing Day and New Year’s Day public holidays. Our target response time in within 1 hour during these times. A case number and a priority will be allocated to the call by a member of our Service Desk and a target resolution date will be set according to call priority, as detailed in our Service Level Agreement.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels Standard Service Support Levels
Priority Nature of query Target response time Target resolution time
1 Urgent and major fault on the system affecting all users including system unavailability with no workaround 1 hour 4 hours after call response
2 Significant and/or non-urgent fault affecting many users e.g. specific functionality/data 1 hour 1 business day after call response
3 Minor fault with no significant impact on usage / request for support relating to functionality of a supported application 1 hour 4 business days after call response
4 Minor/cosmetic issue with workaround available. Request for support on longer term issue * 1 hour 7 business days after call response
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Upon receipt of an order a customer will be setup and provided with an organisational specific URL allowing access to the data services. Details will be provided within 48 hours of order receipt.

The thinkWhere data services are provided via standards compliant HTTPS end-points.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction No customer data is retained so no off-boarding process is necessary.
End-of-contract process We will arrange for your access to the services to be removed upon expiry. A formal Service Desk cancellation process ensures any relevant user information is removed from the service in line with GDPR. Account termination is conducted in line with the published terms and conditions of the service. No customer data is retained so no data off-boarding process is necessary.

Using the service

Using the service
Web browser interface No
What users can and can't do using the API Our Data Services use Open Geospatial Consortium web service APIs (WMS, WMTS and WFS). Users are able to use the APIs to request map data and or geographic content.
The API offers a read-only HTTPS standards compliant access to map data. Customer access is setup by thinkWhere and no changes can be made by the customer via the API.
API automation tools Other
API documentation Yes
API documentation formats Open API (also known as Swagger)
Command line interface No


Scaling available Yes
Scaling type Automatic
Independence of resources TheMapCloud data services are architected to scale on demand based upon certain thresholds such as CPU and memory usage. This means no adverse effect on performance regardless of service demand.
Usage notifications Yes
Usage reporting Email


Infrastructure or application metrics Yes
Metrics types Other
Other metrics Service requests
Reporting types Regular reports


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations European Economic Area (EEA)
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest Physical access control, complying with CSA CCM v3.0
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

Backup and recovery
Backup and recovery Yes
What’s backed up
  • Spatial Data Store
  • Customer Access Database
  • Virtual Machine Image Backups
Backup controls Customer do not control the backups.
Datacentre setup Multiple datacentres with disaster recovery
Scheduling backups Supplier controls the whole backup schedule
Backup recovery Users contact the support team

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network Other
Other protection within supplier network Hosting infrastructure provided by Amazon Web Services (AWS) provides security groups which are applied to all servers in the network.

Availability and resilience

Availability and resilience
Guaranteed availability ThinkWhere’s Cloud GIS Data Services are provided 24/7 from a highly available, scalable platform.

Testing indicates availability of 99.8%.

Online 24/7 real-time monitoring systems are implemented upon thinkWhere data services to instantly notify thinkWhere staff in the unlikely event of unforeseen downtime.
Approach to resilience ThinkWhere data services are hosted upon Amazon Web Services employing the Multi-Zone capability, meaning we have resilience fail-over to another physical data centre location if required.
Outage reporting Online 24/7 real-time monitoring systems are implemented upon thinkWhere data services to instantly notify thinkWhere staff in the unlikely event of unforeseen downtime. Any downtime is then communicated to customers via email.

Identity and authentication

Identity and authentication
User authentication Username or password
Access restrictions in management interfaces and support channels Any internal management functions are not shared with customer users and restricted to internal use via user credentials.

Access to the thinkWhere support desk is restricted via username and password.
Access restriction testing frequency At least every 6 months
Management access authentication Username or password
Devices users manage the service through Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

Audit information for users
Access to user activity audit information Users receive audit information on a regular basis
How long user audit data is stored for Between 1 month and 6 months
Access to supplier activity audit information Users receive audit information on a regular basis
How long supplier audit data is stored for Between 1 month and 6 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes We have a comprehensive Information Security Policy in place across the company. The policy has been written in alignment with the overall requirements of ISO27001. Our policy applies to all employees and agents of any external organisation who in any way support or access any of the thinkWhere systems. The operation of the policy applies to the control of all information managed by the company and it sets out clear roles and responsibilities for management and staff to ensure compliant working practices are followed. There are clear monitoring and reporting lines as well as processes for escalation and handling any policy breach.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach ThinkWhere have appointed personnel to deal with configuration management. All aspects of the thinkWhere data services are overseen by our configuration manager to ensure component technology versions and security patches are updated and applied as required.

With regards change management thinkWhere use a continuous integration pipeline with unit and integration tests to ensure production services are never adversely impacted by code or system updates.
Vulnerability management type Supplier-defined controls
Vulnerability management approach All hosted software is running as Docker containers within standard Linux images.

Hosting infrastructure AWS are responsible to provide updated versions of the base Linux images. thinkWhere apply these updates when required.

thinkWhere's internal configuration manager ensures hosted software versions and patches are updated / applied as appropriate.
Protective monitoring type Supplier-defined controls
Protective monitoring approach ThinkWhere employ a number of monitoring solutions across the technology stack such as AWS Cloudwatch, Librato, Sentry and Pingdom, as well as transactional monitoring of all activity. Active alerts are setup to email the thinkWhere team if unusual activity patterns are detected or errors are found in the system.

If notified the thinkWhere incident management process begins with the dedicated incident management team.
Incident management type Supplier-defined controls
Incident management approach Online 24/7 real-time monitoring systems are implemented upon thinkWhere data services to instantly notify thinkWhere staff in the unlikely event of unforeseen downtime. Additionally, thinkWhere provide customers with phone, email and online service desk support.

When an incident is raised a standard incident response is initiated, including incident review, prioritisation and assignment of a dedicated incident response team.

Updates on incident status are provided to customers via email, phone or service desk.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Separation between users

Separation between users
Virtualisation technology used to keep applications and users sharing the same infrastructure apart No

Energy efficiency

Energy efficiency
Energy-efficient datacentres No


Price £1500 to £20000 per unit per year
Discount for educational organisations No
Free trial available Yes
Description of free trial A month's free trial access to theMapCloud Data Services can be requested via

Service documents

pdf document: Pricing document pdf document: Skills Framework for the Information Age rate card pdf document: Service definition document pdf document: Terms and conditions
Service documents
Return to top ↑