Analytics Engines


COBALT BSafe is a combined hardware/software solution that improves the safety, efficiency and effectiveness of local authority transport services. BSafe provides local authorities, transport providers and schools with a real-time monitoring system that can be used track students and ensure their safety and wellbeing.


  • Student bus attendance recording system using RFID or Biometrics
  • Parent/bus prefect app with unique sign ins
  • School/local authority management app enabling parent and driver messaging/alerts
  • Transport provider/bus driver app for routes, status, location
  • Real-time weather and traffic delays, and alerts
  • Advanced analytics creating a single data view across source systems
  • Real-time view of bus/student location
  • Telematics system integration


  • Real-time view of vehicle usage
  • Visibility of bus arrival times to proactively manage incidents
  • real-time bus location, ETA and notifications of service delays
  • Pupils can report incidents
  • Drivers can alert passengers in case of delays or cancellations
  • Drivers can view their assigned route and pick-up stops
  • Reporting for logistics optimisation


£850 to £42000 per licence per month

Service documents

G-Cloud 11


Analytics Engines

Scott Fischaber


Service scope

Service scope
Software add-on or extension No
Cloud deployment model Public cloud
Service constraints Planned maintenance is typically scheduled during Analytics Engines support hours.
System requirements CentOS or Red Hat OS operating systems

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Response to support emails are typically within 1 working day (normally within 1 hour).
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels Analytics Engines provides full support for the service, from level 1 to level 3. As a small company, we do not specifically stratify the support levels, although we do provide a technical account manager to oversee and manage the engagement.
Support available to third parties No

Onboarding and offboarding

Onboarding and offboarding
Getting started User documentation is provided. Onsite training can be provided upon request.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction The captured data can be downloaded in CSV format at any time during the contract.
End-of-contract process At the end of the contract, the buyer should either renew their license with Analytics Engines or they should remove the service and provide Analytics Engines with confirmation that the service has been removed.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install Yes
Compatible operating systems
  • Android
  • IOS
Designed for use on mobile devices Yes
Differences between the mobile and desktop service User apps are designed to be used on mobile devices (parent/student/driver/teacher app) and the dashboard, reporting, and management services are designed to be used on a desktop.
Service interface Yes
Description of service interface A service interface is provided for user and role management and administering routes.
Accessibility standards None or don’t know
Description of accessibility The keyboard focus indicator is visible. When any component receives focus, it does not initiate change of context. The pages are titled. The purpose of links can be determined from their text. Headings describe their purpose. Changing the setting of any user interface component does not automatically cause a change of context.
Accessibility testing None
Customisation available No


Independence of resources Each customer has their own deployment of COBALT.
Within a given COBALT deployment, user quotas can be specified and where necessary workload isolation can be configured.


Service usage metrics Yes
Metrics types Service metrics are available for the runs of the data pipeline. The metrics provide details of dates of the runs, status of the runs, and duration of the runs.
Reporting types
  • API access
  • Real-time dashboards


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Staff screening not performed
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations Yes
Datacentre security standards Supplier-defined controls
Penetration testing frequency At least once a year
Penetration testing approach In-house
Protecting data at rest Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach The COABLT UI and API provide functionality for users to download data and results of the COBALT analytic models in CSV format.
Data export formats CSV
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability High-Availability can be provided on demand based on customers specific application demands.
In the event of a fault within COBALT, Analytics Engines will provide a response from front line support within 1 business day (Normal response time is 1 hour) outlining resolution steps.
Events are expected to be resolved within 2 business days of resolution plan providing at least a workaround to downgrade the criticality.
In the event of a resolution not being made available within the above timeframe a 10% credit on following months’ service for every day of failure beyond planned resolution time will be provided.
This SLA covers the COBALT software solution. This SLA does not cover services provided by the customer that COBALT utilises (e.g. Cloud/Server infrastructure, API availability, DB access, etc.). This SLA does not cover Incidents caused by User’s negligence, abuse, misapplication or use of the COBALT service other than as specified in the COBALT Service Description or other causes beyond the control of COBALT.
Approach to resilience The COBALT BSafe system is based on AWS and designed to be resilant and scalable. Once on-boarded, COBALT installation and configuration is completely automated. In the event of a catastrophic system failure the complete system (or key pieces of the system) can be redeployed to AWS. This process typically takes less than 2 hours to complete at which point backup data can begin to be loaded. The COBALT database is separated from the application which allows backup/restore following the business unit policies for the configuration of COBALT. In the event of a backup recovery being required the backup data is used to re-populate COBALT to the previous backup snapshot.
Outage reporting COBALT includes a monitoring component. The monitoring component provides a dashboard that users can log into to see reports and charts regarding service availability and any outages. Email alerts can be configured.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
Access restrictions in management interfaces and support channels Management interfaces require authentication in the form of either username/password or public key authentication.
Access restriction testing frequency At least once a year
Management access authentication Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 BMTRADA
ISO/IEC 27001 accreditation date 11/09/17
What the ISO/IEC 27001 doesn’t cover Scope covers all of our operations
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications Cyber Essentials

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards We are accredited with Cyber Essentials.
Information security policies and processes Policy Manual
AE have a policy manual in place which demonstrates how the company meets the requirements of the Information Security Management System – ISO 27001. It includes the policy, responsibilities, and acts as a signpost to related system documentation.

Policy and Procedure Documents
Policy and Procedure Documents have been prepared to cover situations where their absence could lead to deviations from the company’s Information Security objectives and would introduce or elevate Information Security risks to unacceptable levels. These include: Access Control Policy, Backup and Restore Policy, Capacity Planning Policy, Change Management Policy, Credential Management Policy, Data Encryption Policy, Data Retention & Destruction, Document Control Policy, Human Resources Security Policy, Incident Management Policy, Logging and Monitoring Policy, Malware Control Policy, Patch Management Policy.

Internal Management
Analytics Engines has an ISMS owner who is responsible for the day-to-day tasks of ISO 27001. Ultimate responsibility of the system lies with the Directors of the company. We have assigned IT team members who deal with technical tasks on a daily basis.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Service components are versioned and kept under source control in private software repositories. Any changes to service components are subject to review and functional regression testing prior to release.
Vulnerability management type Undisclosed
Vulnerability management approach Vulnerability management patching follows ISO 27001 processes. Potential threats to the COBALT service are identified through a variety of means: including regular Penetration Testing, subscription to industry standard threat information system vulnerability listings, and regular OS and software level release information.
Protective monitoring type Undisclosed
Protective monitoring approach The service collects relevant accounting and audit information. Administrators can examine the audit information and in the case of finding any suspicious activity request support from Analytics Engines for further investigations.
Incident management type Undisclosed
Incident management approach Incident management events are captured following an ISO27001 policy. Users have a specified contact for incident management reports. Once investigations into an event are concluded a report is generated which can be provided to the user.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks No


Price £850 to £42000 per licence per month
Discount for educational organisations No
Free trial available No

Service documents

pdf document: Pricing document pdf document: Skills Framework for the Information Age rate card pdf document: Service definition document pdf document: Terms and conditions
Service documents
Return to top ↑