thinkWhere Limited

Cloud GIS Data Services (Environmental Designations and Constraints data)

GIS Data Services providing access to a wide range of third party environmental designations and constraints data via industry standard web services for consumption in web mapping&desktop GIS applications eg. QGIS. Distribution of high-quality map data across an organisation.No need to store/manage large local copies of data in-house=low overhead/cost-effective alternative.


  • All products updated in line with supplier release schedule
  • Compatible with OGC compliant software
  • Easy to deploy
  • Fast and reliable service
  • Supported by specialist GIS professionals
  • Optional vector data download service available
  • Access to a wide range of environmental designations/constraints data
  • Available in BNG/Web Mercator projections as OGC compliant WMS/WMTS


  • No need to store digital geospatial data locally
  • No need to maintain environmental designations and constraints data in-house
  • Performant services covered by thinkWhere SLA
  • Make map data available anywhere
  • Everyone within your organisation uses same version of maps/data


£1500 to £20000 per unit per year

  • Free trial available

Service documents


G-Cloud 11

Service ID

5 2 8 3 6 1 5 7 8 5 8 6 7 1 9


thinkWhere Limited

Alan Moore

01786 476060

Service scope

Service constraints
Planned maintenance will be undertaken without disruption to live services. However, in the unlikely event that maintenance may affect live services, a maintenance period will be scheduled and communicated to customers in advance.
System requirements
Ability to consume standards compliant HTTPS data feeds

User support

Email or online ticketing support
Email or online ticketing
Support response times
ThinkWhere provide a monitored Service Desk available from 08:30 to 17:30 Monday to Friday with the exception of Christmas Day, Boxing Day and New Year’s Day public holidays. Our target response time in within 1 hour during these times. A case number and a priority will be allocated to the call by a member of our Service Desk and a target resolution date will be set according to call priority, as detailed in our Service Level Agreement.
User can manage status and priority of support tickets
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Onsite support
Yes, at extra cost
Support levels
Standard Service Support Levels
Priority Nature of query Target response time Target resolution time
1 Urgent and major fault on the system affecting all users including system unavailability with no workaround 1 hour 4 hours after call response
2 Significant and/or non-urgent fault affecting many users e.g. specific functionality/data 1 hour 1 business day after call response
3 Minor fault with no significant impact on usage / request for support relating to functionality of a supported application 1 hour 4 business days after call response
4 Minor/cosmetic issue with workaround available. Request for support on longer term issue * 1 hour 7 business days after call response
Support available to third parties

Onboarding and offboarding

Getting started
Upon receipt of an order a customer will be setup and provided with an organisational specific URL allowing access to the data services. Details will be provided within 48 hours of order receipt.

The thinkWhere data services are provided via standards compliant HTTPS end-points.
Service documentation
Documentation formats
End-of-contract data extraction
No customer data is retained so no off-boarding process is necessary.
End-of-contract process
We will arrange for your access to the services to be removed upon expiry. A formal Service Desk cancellation process ensures any relevant user information is removed from the service in line with GDPR. Account termination is conducted in line with the published terms and conditions of the service. No customer data is retained so no data off-boarding process is necessary.

Using the service

Web browser interface
What users can and can't do using the API
Our Data Services use Open Geospatial Consortium web service APIs (WMS, WMTS and WFS). Users are able to use the APIs to request map data and or geographic content.
The API offers a read-only HTTPS standards compliant access to map data. Customer access is setup by thinkWhere and no changes can be made by the customer via the API.
API automation tools
API documentation
API documentation formats
Open API (also known as Swagger)
Command line interface


Scaling available
Scaling type
Independence of resources
TheMapCloud data services are architected to scale on demand based upon certain thresholds such as CPU and memory usage. This means no adverse effect on performance regardless of service demand.
Usage notifications
Usage reporting


Infrastructure or application metrics
Metrics types
Other metrics
Service requests
Reporting types
Regular reports


Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
European Economic Area (EEA)
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
Physical access control, complying with CSA CCM v3.0
Data sanitisation process
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

Backup and recovery
What’s backed up
  • Spatial Data Store
  • Customer Access Database
  • Virtual Machine Image Backups
Backup controls
Customer do not control the backups.
Datacentre setup
Multiple datacentres with disaster recovery
Scheduling backups
Supplier controls the whole backup schedule
Backup recovery
Users contact the support team

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
Other protection within supplier network
Hosting infrastructure provided by Amazon Web Services (AWS) provides security groups which are applied to all servers in the network.

Availability and resilience

Guaranteed availability
ThinkWhere’s Cloud GIS Data Services are provided 24/7 from a highly available, scalable platform.

Testing indicates availability of 99.8%.

Online 24/7 real-time monitoring systems are implemented upon thinkWhere data services to instantly notify thinkWhere staff in the unlikely event of unforeseen downtime.
Approach to resilience
ThinkWhere data services are hosted upon Amazon Web Services employing the Multi-Zone capability, meaning we have resilience fail-over to another physical data centre location if required.
Outage reporting
Online 24/7 real-time monitoring systems are implemented upon thinkWhere data services to instantly notify thinkWhere staff in the unlikely event of unforeseen downtime. Any downtime is then communicated to customers via email.

Identity and authentication

User authentication
Username or password
Access restrictions in management interfaces and support channels
Any internal management functions are not shared with customer users and restricted to internal use via user credentials.

Access to the thinkWhere support desk is restricted via username and password.
Access restriction testing frequency
At least every 6 months
Management access authentication
Username or password
Devices users manage the service through
Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

Access to user activity audit information
Users receive audit information on a regular basis
How long user audit data is stored for
Between 1 month and 6 months
Access to supplier activity audit information
Users receive audit information on a regular basis
How long supplier audit data is stored for
Between 1 month and 6 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
ISO/IEC 27001
Information security policies and processes
We have a comprehensive Information Security Policy in place across the company. The policy has been written in alignment with the overall requirements of ISO27001. Our policy applies to all employees and agents of any external organisation who in any way support or access any of the thinkWhere systems. The operation of the policy applies to the control of all information managed by the company and it sets out clear roles and responsibilities for management and staff to ensure compliant working practices are followed. There are clear monitoring and reporting lines as well as processes for escalation and handling any policy breach.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
ThinkWhere have appointed personnel to deal with configuration management. All aspects of the thinkWhere data services are overseen by our configuration manager to ensure component technology versions and security patches are updated and applied as required.

With regards change management thinkWhere use a continuous integration pipeline with unit and integration tests to ensure production services are never adversely impacted by code or system updates.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
All hosted software is running as Docker containers within standard Linux images.

Hosting infrastructure AWS are responsible to provide updated versions of the base Linux images. thinkWhere apply these updates when required.

thinkWhere's internal configuration manager ensures hosted software versions and patches are updated / applied as appropriate.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
ThinkWhere employ a number of monitoring solutions across the technology stack such as AWS Cloudwatch, Librato, Sentry and Pingdom, as well as transactional monitoring of all activity. Active alerts are setup to email the thinkWhere team if unusual activity patterns are detected or errors are found in the system.

If notified the thinkWhere incident management process begins with the dedicated incident management team.
Incident management type
Supplier-defined controls
Incident management approach
Online 24/7 real-time monitoring systems are implemented upon thinkWhere data services to instantly notify thinkWhere staff in the unlikely event of unforeseen downtime. Additionally, thinkWhere provide customers with phone, email and online service desk support.

When an incident is raised a standard incident response is initiated, including incident review, prioritisation and assignment of a dedicated incident response team.

Updates on incident status are provided to customers via email, phone or service desk.

Secure development

Approach to secure software development best practice
Supplier-defined process

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart

Energy efficiency

Energy-efficient datacentres


£1500 to £20000 per unit per year
Discount for educational organisations
Free trial available
Description of free trial
A month's free trial access to theMapCloud Data Services can be requested via

Service documents

Return to top ↑