R2P Systems UK Ltd

Real Time Information On-Street and On-Bus Assets

RTI is for users, purchasers and providers of public transport. r2p provide RTI management tools via our back office, such as single journey cancellations and long-term major diversions (for LED's, TFT displays etc).

RTI includes disruption information, open data management and dissemination systems for Public Transport Real Time Journey Information.


  • On-vehicle passenger information
  • On-street passenger information
  • Live and/or scheduling detail
  • Scrolling messaging
  • Audio announcements
  • Disruption information
  • Fully customisable dashboard
  • Timetable, NaPTAN/location data import and management tools
  • System health historical reporting


  • Publishing reliable information for passengers
  • Easily accessible journey information across various platforms
  • Publishing diversions and other options for passengers
  • Allows passengers to make informed choices
  • Allows operators to control available data to passengers
  • Increases public transport opportunities for impaired passengers
  • Integration of on-street, on-bus and digital information
  • Multiple platforms for passengers to access real time information
  • Ensuring compliance with the Bus Services Act 2017 for AV
  • Live system views and status monitoring


£1,400 to £10,000 a unit

Service documents


G-Cloud 12

Service ID

5 3 0 7 1 1 2 7 7 4 3 0 8 4 7


R2P Systems UK Ltd Kim May-Papailiou
Telephone: 01293 665398
Email: UKroad@r2p.com

Service scope

Software add-on or extension
Cloud deployment model
Private cloud
Service constraints
System requirements
Browser based; works on any platform

User support

Email or online ticketing support
Email or online ticketing
Support response times
Usually within the hour, 9:00am - 5:00pm Monday - Friday.
User can manage status and priority of support tickets
Online ticketing support accessibility
WCAG 2.1 AA or EN 301 549
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Onsite support
Yes, at extra cost
Support levels
Support availability: working days by call, 24/7 by email. Standard support response times: 8 business hours. Office-based account manager provides monthly performance reporting (if necessary). This is included as part of the monthly revenue charge. Advanced support level is subject to contract. Our software systems include automated self-monitoring, enabling us to provide high levels of availability and reliability.
Support available to third parties

Onboarding and offboarding

Getting started
R2p can create a new instance of the system and, if required, obtain data feeds and configure the system to use them. Training can be provided by webcast or onsite if required. If https or VPNs are required to secure the data connections, r2p will set these up for the user.
Service documentation
Documentation formats
  • HTML
  • ODF
  • PDF
  • Other
Other documentation formats
Links available to download documentation as a PDF
End-of-contract data extraction
Data can be exported in a range of formats using the available reporting tools. This includes APIs (for historical data), JSON, CSV, XML and database exports.
End-of-contract process
R2p will cease to accept incoming live data feeds and allow a period of time for the buyer to export their data.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
The public facing services are provided with fully responsive design.
Some management functionality is most effectively carried out using a desktop or laptop as the volume of information presented on a screen is significant.
Service interface
Description of service interface
On-street and on-bus assets are accessible through iConnex.
The interface allows the user to configure and specify the destination of sign messaging, disruption information and more. The target of the information can be filtered by operators, location, and routes or services affected. Through a simple-to-use tabulated format, for planned, organised events but where disruption is inevitable, the user can create, save and select predefined messages for displays.
Accessibility standards
WCAG 2.1 AA or EN 301 549
Accessibility testing
On-street and on-bus assets are accessible through iConnex.
iConnex currently meets the WCAG guideline levels A and AA relevant to the system functionality. For example, all non-textual content has alternative descriptions shown in hover-over labels, and any colour coding is configurable and backed up with other textual/size indicators.
What users can and can't do using the API
The API allows access to the live processed data and to the historical data. Initial system setup requires desktop access. Once configured, all data can be imported or exported using the API. Available data export formats include HTML, ODF, PDF and XML.
API documentation
API documentation formats
  • HTML
  • ODF
  • PDF
API sandbox or test environment
Customisation available
Description of customisation
On-street and on-bus assets are accessible through iConnex. The data reporting tools allow custom reports and dashboards to be created by authorised users. Support for customised format data feeds for incoming and outgoing date is possible by r2p engineers. Available data export formats include HTML, ODF, PDF and XML.


Independence of resources
Each customer instance operates within its own virtual machine and managed bandwidth. Multiple data integrators each handle separate incoming feeds which provide data to shared back offices. This enables the back offices to have a complete view of all data.


Service usage metrics
Metrics types
Typical metrics used: volume and quality of incoming data, volume of data requests from API, volume of requests from website and system latency.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
Protecting data at rest
Physical access control, complying with another standard
Data sanitisation process
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
In-house destruction process

Data importing and exporting

Data export approach
The available reporting tools enable data export in a range of formats and different criteria. This includes API services and reporting tools, where data is extracted via an API.
Data export formats
  • CSV
  • Other
Other data export formats
Data import formats
  • CSV
  • Other
Other data import formats
  • TransXChange
  • Bespoke - to be agreed with buyer

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
Other protection within supplier network
Use of firewalls and layer 3 switched network communications with subnetting. Firewalls protecting the services will be Layer 7 to allow the greatest level of protection. The r2p standard anti-virus is Bitdefender with its internal scanning engine and cloud monitoring and alerting services and providing anti-malware functionality.

Availability and resilience

Guaranteed availability
The r2p technical customer support helpdesk is physically manned with experienced English-speaking support staff to provide direct, knowledgeable support and first call advice and fixes wherever possible. The normal core hours of operation are weekdays from 09:00 to 17:00 hours. A 24-hour support arrangement is in place for key infrastructure, where customers require a full-service offering. Fault reporting is carried out by fixed line telephone, email or online inside or outside of core hours. This team is involved not only in support but also the operations and implementation of systems, providing them with unique knowledge and experience in resolving customers’ problems within agreed resolution timescales.
Faults shall be classified and addressed as: Critical - any fault affecting the provision of information to more than one feed (eg. server fault, general communications fault) within 8 hours. This will be defined as not being met where either: (i) Resolution takes longer than 8 hours, or (ii) Resolution takes less than 8 hours but the System becomes unavailable again within 1 working day from the time of resolution.
Approach to resilience
Details available on request.
Outage reporting
Fault reporting is carried out by fixed line telephone, email or online inside or outside of core hours. This team is involved not only in support but also the operations and implementation of systems, providing them with unique knowledge and experience in resolving customers’ problems within agreed resolution timescales. Visual and/or audio alerts are issued whilst calls can be automatically raised within the Fault Management System (FMS) and e-mail and or text notifications sent to pre-defined personnel. This is augmented by technical support monitoring. The system includes a dashboard presenting the status of all operating assets.

Identity and authentication

User authentication needed
User authentication
Username or password
Access restrictions in management interfaces and support channels
Permissions are managed through groups. Groups control which menus and data are available to the user.
Access restriction testing frequency
At least once a year
Management access authentication
2-factor authentication

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
How long system logs are stored for

Standards and certifications

ISO/IEC 27001 certification
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance approach
Accountability is to the Board who regularly review the information security risk register. Regular testing of compliance and reviews of system configuration take place against a baseline.
r2p operate within a specified Governance framework, ensuring performance of the Services is carried out to be commercially focused, financially efficient, proactively risk-managed and maintains a positive experience for users.
Information security policies and processes
The Managing Director has overall responsibility for information security and governance. The Delivery Manager has day-to-day oversight and is responsible for delivery of the information organisational policies. Awareness and update briefings are held, including regular testing of compliance and reviews of system configuration.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
R2p configuration and change management forms part of the ISO9001 certification, and is managed by our IT Service Management tool (provides for robust change management process controls). All elements of software and infrastructure are under configuration management. Software is fully version-controlled with ability for roll back. The r2p Fault Management System (FMS) is used to track all changes to implemented systems and manage processes. Customer access to the FMS allows for full visibility of a system's history. Before sign-off, all changes are reviewed for governance, security, operational and functionality.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
R2p undertake constant review of trade press and news statements for any threats to core IT systems, eg. membership of transport trade groups for domain specific awareness. Security forms part of regular customer reviews to enable customer-specific threats to be identified. Security updates to operating system and related components including off the shelf software are configured to automatically install. The information governance process includes risk assessment of security threats.
Vulnerability monitoring is carried out using regular scans from our openVAS based vulnerability scanner. Because we control this service, it can be run at a frequency mutually agreed with the user.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Regular reviews of system usage include user logins. The system automatically reports above defined levels of increased system use.
Any potential or actual compromise becomes a critical incident with immediate response with customer and Director involvement. Critical incident management is available 24/7. If feasible, the first response is to make the system inaccessible, leaving it running for any forensic analysis that may be needed.
Incident management type
Supplier-defined controls
Incident management approach
The FMS provides a controlled framework for the identification, recording, progressing, closing and analysis of faults enabling rapid reporting of standard incident types. Faults can be reported by telephone (via a dedicated Customer Support line which will be answered by
Customer Support personnel and not an automated voice system), email or web interface. The FMS allows the Service Manager or authorised personnel to view status of all tickets (open or closed) with the ability to drill down to details. Changes to ticket status will be notified by automated email.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks


£1,400 to £10,000 a unit
Discount for educational organisations
Free trial available

Service documents