Cloud GIS Data Services (Environmental Designations and Constraints data)
GIS Data Services providing access to a wide range of third party environmental designations and constraints data via industry standard web services for consumption in web mapping&desktop GIS applications eg. QGIS. Distribution of high-quality map data across an organisation.No need to store/manage large local copies of data in-house=low overhead/cost-effective alternative.
- All products updated in line with supplier release schedule
- Compatible with OGC compliant software
- Easy to deploy
- Fast and reliable service
- Supported by specialist GIS professionals
- Optional vector data download service available
- Access to a wide range of environmental designations/constraints data
- Available in BNG/Web Mercator projections as OGC compliant WMS/WMTS
- No need to store digital geospatial data locally
- No need to maintain environmental designations and constraints data in-house
- Performant services covered by thinkWhere SLA
- Make map data available anywhere
- Everyone within your organisation uses same version of maps/data
£1500 to £20000 per unit per year
- Free trial available
- Pricing document
- Skills Framework for the Information Age rate card
- Service definition document
- Terms and conditions
|Service constraints||Planned maintenance will be undertaken without disruption to live services. However, in the unlikely event that maintenance may affect live services, a maintenance period will be scheduled and communicated to customers in advance.|
|System requirements||Ability to consume standards compliant HTTPS data feeds|
|Email or online ticketing support||Email or online ticketing|
|Support response times||ThinkWhere provide a monitored Service Desk available from 08:30 to 17:30 Monday to Friday with the exception of Christmas Day, Boxing Day and New Year’s Day public holidays. Our target response time in within 1 hour during these times. A case number and a priority will be allocated to the call by a member of our Service Desk and a target resolution date will be set according to call priority, as detailed in our Service Level Agreement.|
|User can manage status and priority of support tickets||No|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||No|
|Onsite support||Yes, at extra cost|
Standard Service Support Levels
Priority Nature of query Target response time Target resolution time
1 Urgent and major fault on the system affecting all users including system unavailability with no workaround 1 hour 4 hours after call response
2 Significant and/or non-urgent fault affecting many users e.g. specific functionality/data 1 hour 1 business day after call response
3 Minor fault with no significant impact on usage / request for support relating to functionality of a supported application 1 hour 4 business days after call response
4 Minor/cosmetic issue with workaround available. Request for support on longer term issue * 1 hour 7 business days after call response
|Support available to third parties||Yes|
Onboarding and offboarding
Upon receipt of an order a customer will be setup and provided with an organisational specific URL allowing access to the data services. Details will be provided within 48 hours of order receipt.
The thinkWhere data services are provided via standards compliant HTTPS end-points.
|End-of-contract data extraction||No customer data is retained so no off-boarding process is necessary.|
|End-of-contract process||We will arrange for your access to the services to be removed upon expiry. A formal Service Desk cancellation process ensures any relevant user information is removed from the service in line with GDPR. Account termination is conducted in line with the published terms and conditions of the service. No customer data is retained so no data off-boarding process is necessary.|
Using the service
|Web browser interface||No|
|What users can and can't do using the API||
Our Data Services use Open Geospatial Consortium web service APIs (WMS, WMTS and WFS). Users are able to use the APIs to request map data and or geographic content.
The API offers a read-only HTTPS standards compliant access to map data. Customer access is setup by thinkWhere and no changes can be made by the customer via the API.
|API automation tools||Other|
|API documentation formats||Open API (also known as Swagger)|
|Command line interface||No|
|Independence of resources||TheMapCloud data services are architected to scale on demand based upon certain thresholds such as CPU and memory usage. This means no adverse effect on performance regardless of service demand.|
|Infrastructure or application metrics||Yes|
|Other metrics||Service requests|
|Reporting types||Regular reports|
|Supplier type||Not a reseller|
|Staff security clearance||Other security clearance|
|Government security clearance||Up to Baseline Personnel Security Standard (BPSS)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||European Economic Area (EEA)|
|User control over data storage and processing locations||No|
|Datacentre security standards||Complies with a recognised standard (for example CSA CCM version 3.0)|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider|
|Protecting data at rest||Physical access control, complying with CSA CCM v3.0|
|Data sanitisation process||Yes|
|Data sanitisation type||
|Equipment disposal approach||Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001|
Backup and recovery
|Backup and recovery||Yes|
|What’s backed up||
|Backup controls||Customer do not control the backups.|
|Datacentre setup||Multiple datacentres with disaster recovery|
|Scheduling backups||Supplier controls the whole backup schedule|
|Backup recovery||Users contact the support team|
|Data protection between buyer and supplier networks||TLS (version 1.2 or above)|
|Data protection within supplier network||Other|
|Other protection within supplier network||Hosting infrastructure provided by Amazon Web Services (AWS) provides security groups which are applied to all servers in the network.|
Availability and resilience
ThinkWhere’s Cloud GIS Data Services are provided 24/7 from a highly available, scalable platform.
Testing indicates availability of 99.8%.
Online 24/7 real-time monitoring systems are implemented upon thinkWhere data services to instantly notify thinkWhere staff in the unlikely event of unforeseen downtime.
|Approach to resilience||ThinkWhere data services are hosted upon Amazon Web Services employing the Multi-Zone capability, meaning we have resilience fail-over to another physical data centre location if required.|
|Outage reporting||Online 24/7 real-time monitoring systems are implemented upon thinkWhere data services to instantly notify thinkWhere staff in the unlikely event of unforeseen downtime. Any downtime is then communicated to customers via email.|
Identity and authentication
|User authentication||Username or password|
|Access restrictions in management interfaces and support channels||
Any internal management functions are not shared with customer users and restricted to internal use via user credentials.
Access to the thinkWhere support desk is restricted via username and password.
|Access restriction testing frequency||At least every 6 months|
|Management access authentication||Username or password|
|Devices users manage the service through||Directly from any device which may also be used for normal business (for example web browsing or viewing external email)|
Audit information for users
|Access to user activity audit information||Users receive audit information on a regular basis|
|How long user audit data is stored for||Between 1 month and 6 months|
|Access to supplier activity audit information||Users receive audit information on a regular basis|
|How long supplier audit data is stored for||Between 1 month and 6 months|
|How long system logs are stored for||At least 12 months|
Standards and certifications
|ISO/IEC 27001 certification||No|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||No|
|Named board-level person responsible for service security||Yes|
|Security governance certified||Yes|
|Security governance standards||ISO/IEC 27001|
|Information security policies and processes||We have a comprehensive Information Security Policy in place across the company. The policy has been written in alignment with the overall requirements of ISO27001. Our policy applies to all employees and agents of any external organisation who in any way support or access any of the thinkWhere systems. The operation of the policy applies to the control of all information managed by the company and it sets out clear roles and responsibilities for management and staff to ensure compliant working practices are followed. There are clear monitoring and reporting lines as well as processes for escalation and handling any policy breach.|
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||
ThinkWhere have appointed personnel to deal with configuration management. All aspects of the thinkWhere data services are overseen by our configuration manager to ensure component technology versions and security patches are updated and applied as required.
With regards change management thinkWhere use a continuous integration pipeline with unit and integration tests to ensure production services are never adversely impacted by code or system updates.
|Vulnerability management type||Supplier-defined controls|
|Vulnerability management approach||
All hosted software is running as Docker containers within standard Linux images.
Hosting infrastructure AWS are responsible to provide updated versions of the base Linux images. thinkWhere apply these updates when required.
thinkWhere's internal configuration manager ensures hosted software versions and patches are updated / applied as appropriate.
|Protective monitoring type||Supplier-defined controls|
|Protective monitoring approach||
ThinkWhere employ a number of monitoring solutions across the technology stack such as AWS Cloudwatch, Librato, Sentry and Pingdom, as well as transactional monitoring of all activity. Active alerts are setup to email the thinkWhere team if unusual activity patterns are detected or errors are found in the system.
If notified the thinkWhere incident management process begins with the dedicated incident management team.
|Incident management type||Supplier-defined controls|
|Incident management approach||
Online 24/7 real-time monitoring systems are implemented upon thinkWhere data services to instantly notify thinkWhere staff in the unlikely event of unforeseen downtime. Additionally, thinkWhere provide customers with phone, email and online service desk support.
When an incident is raised a standard incident response is initiated, including incident review, prioritisation and assignment of a dedicated incident response team.
Updates on incident status are provided to customers via email, phone or service desk.
|Approach to secure software development best practice||Supplier-defined process|
Separation between users
|Virtualisation technology used to keep applications and users sharing the same infrastructure apart||No|
|Price||£1500 to £20000 per unit per year|
|Discount for educational organisations||No|
|Free trial available||Yes|
|Description of free trial||A month's free trial access to theMapCloud Data Services can be requested via firstname.lastname@example.org.|