Justride is a cloud-hosted Software-as-a-Service (SaaS) fare collection solution enabling local authorities to deploy mobile ticketing to improve customer satisfaction and reduce the cost of fare media issuance. Fares are validated electronically or visually.
- Smart mobile ticketing application
- Secure electronic and visual validation
- Back office reporting, fare management and customer support
- SDK for Mobility as a Service and 3rd part integrations
- Web portal with print at home PDF tickets
- AFC, stored value, cash digitisation
- Optional low cost electronic validator
- Cloud hosted software as a Service
- Contactless cEMV upgrade path
- Comprehensive Datawarehouse with Datamart API for extract
- 'Pay as you go' SaaS model
- Cloud hosted shared platform with evolving upgrades
- Simple fare and tariff management
- Reduced CAPEX cost
- Reduced operational cost
- Advanced fraud prevention
- Future upgrade path with extensive roadmap
- Mobility as a Service
£15000 to £1000000000 per instance per year
5 9 1 2 4 5 8 8 8 2 8 6 9 1 9
+44 207 089 8882
|Software add-on or extension||No|
|Cloud deployment model||Public cloud|
|Service constraints||Masabi is not currently aware of any constraints that buyers should know about that would not be expected from a service of its kind.|
|Email or online ticketing support||Email or online ticketing|
|Support response times||
Response time during the week are: within 1 hour.
For critical issues, this is: 15 minutes
Response times at weekends will be: Response on the next working day.
Unless the issue is critical in which case, it will be: 15 minutes.
Masabi will provide upon request its full standard support SLAs. These can be varied depending on the agreement with each authority.
|User can manage status and priority of support tickets||Yes|
|Online ticketing support accessibility||None or don’t know|
|Phone support availability||24 hours, 7 days a week|
|Web chat support||No|
|Onsite support||Yes, at extra cost|
Critical - P1: Resolution: 4 hours Guaranteed Response : <60
Urgent - P2: Resolution: 8 hours Guaranteed Response : <4 hrs
Normal -P3: Resolution: As Defined Guaranteed Response :<12 hrs
Low - P4: Resolution: As planned Guaranteed Response: <24hrs
|Support available to third parties||No|
Onboarding and offboarding
|Getting started||Masabi provides comprehensive training to authority staff as well as training documentation for on-going support. Masabi also provided dedicated account management for on-going support.|
|End-of-contract data extraction||Raw data can be extracted via the API's Masabi provides.|
|End-of-contract process||Masabi will allow all customer data to be extracted from the Datawarehouse by the customer before it is permanently deleted.|
Using the service
|Web browser interface||Yes|
|Application to install||Yes|
|Compatible operating systems||
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||
Mobile applications for passengers to operate as standalone apps delivered through the respective app stores.
The web portal is designed for passengers who wish to access ticketing via a browser-based service which follows responsive design practices for good user experience on both desktop and mobile.
The back office management suite is designed for use by staff employed by the client and is also browser-based and follows responsive design practices for good user experience on both desktop and mobile.
|Description of service interface||
The back office management suite is a browser-based interface that allows agencies to manage riders, fares, customer service and all aspects of the Justride system.
The web portal and mobile applications provide the ability for riders to interact with Justride to buy tickets, use their tickets and manage their account.
|Accessibility standards||WCAG 2.1 AA or EN 301 549|
|Accessibility testing||The Justride Hub UI meets WCAG 2.0 Level AA standards. We audit WCAG 2.0 compliance on a 6 month cycle to identify any areas of non-compliance which are then addressed.|
|What users can and can't do using the API||
The Justride platform offers several APIs to facilitate a variety of capabilities in the platform. These range from the ability to provision tickets to Rider accounts, issue tickets to delivered on other fae media formats, manage the lifecycle to tickets and access system event data for the purpose of reporting and reconciliation.
Justride as a platform is modular in design and so has been architected with an API centric approach. As such most functions of the platform are surfaced through an API interface.
Full documentation for all APIs is available on request.
|API documentation formats||
|API sandbox or test environment||Yes|
|Description of customisation||
Two key items can be configured as part of a deployment to meet the needs of our customers - 1. Branding and 2. Tariff/Fare Structure.
As part of the deployment of each authority, Masabi will configure the retail applications to be fully compliant with the desired branding guidelines for the customer.
Masabi will then assist the authority with onboarding staff responsible for managing the back office and configuring functions such as the tariff and fare structures.
|Independence of resources||Masabi is a cloud-hosted platform which is load tested above the maximum load experienced with any current deployment. Cloud hosting also allows the ability to scale the Justride servers elastically to support increasing demand. Furthermore, Masabi is able to manage the allocation of server resource between clients' traffic to prevent any from overpowering others causing impaired performance.|
|Service usage metrics||Yes|
|Metrics types||The Justride reporting and analytics suite empowers agencies to access and use their data to their advantage. Masabi appreciates that there is a wide range of ways in which data access and analysis can be useful, and provides a range of tools that can be easily applied depending on the task at hand and experience of the user.|
|Supplier type||Not a reseller|
|Staff security clearance||Staff screening not performed|
|Government security clearance||Up to Developed Vetting (DV)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||
|User control over data storage and processing locations||No|
|Datacentre security standards||Complies with a recognised standard (for example CSA CCM version 3.0)|
|Penetration testing frequency||At least every 6 months|
|Penetration testing approach||Another external penetration testing organisation|
|Protecting data at rest||
|Data sanitisation process||Yes|
|Data sanitisation type||
|Equipment disposal approach||A third-party destruction service|
Data importing and exporting
|Data export approach||
As well as CSV download, the Justride Data Warehouse is used to access the data through simple RESTful APIs (the Justride Data Mart APIs). Data is returned using industry standard CSV and JSON formats. Data is available as soon as it is recorded in the system providing near real time access to almost all system events (certain types of data are delivered asynchronously). Access credentials for the Data Mart APIs is managed through the Justride Hub Login Management tools.
The Data Mart APIs allow the extraction of data on an automated schedule or ad hoc manual basis.
|Data export formats||
|Other data export formats||RESTFUL JSON API|
|Data import formats||
|Other data import formats||RESTFUL JSON API|
|Data protection between buyer and supplier networks||TLS (version 1.2 or above)|
|Data protection within supplier network||TLS (version 1.2 or above)|
Availability and resilience
|Guaranteed availability||Masabi maintains a 99.95% uptime.|
|Approach to resilience||Available on request.|
|Outage reporting||Available upon request.|
Identity and authentication
|User authentication needed||Yes|
|Access restrictions in management interfaces and support channels||Access control is granular, with the ability to create users who can only access certain modules.|
|Access restriction testing frequency||At least every 6 months|
|Management access authentication||
Audit information for users
|Access to user activity audit information||Users have access to real-time audit information|
|How long user audit data is stored for||User-defined|
|Access to supplier activity audit information||Users have access to real-time audit information|
|How long supplier audit data is stored for||User-defined|
|How long system logs are stored for||User-defined|
Standards and certifications
|ISO/IEC 27001 certification||No|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Who accredited the PCI DSS certification||Teamwork IMS|
|PCI DSS accreditation date||14/10/2018|
|What the PCI DSS doesn’t cover||NA|
|Other security certifications||No|
|Named board-level person responsible for service security||Yes|
|Security governance certified||Yes|
|Security governance standards||Other|
|Other security governance standards||PCI DSS and appropriate GDPR legislation.|
|Information security policies and processes||Masabi's information security policies are aligned with PCI and GDPR compliance, including documentation and governance processes in line with industry best practices.|
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||All of the software components are deployed on AWS infrastructure that is SSAE-16 / ISAE 3402 compliant. The software components flow through a PCI/GDPR process that includes both code, data protection and operational security vulnerability testing and continuous scanning.|
|Vulnerability management type||Supplier-defined controls|
|Vulnerability management approach||Masabi uses industry standard tools, including those provided globally by Amazon AWS, to continuously assess the threats - both to code and operation - of the existing and to-be-deployed systems. These use internationally recognised sources of threat such as CVE.|
|Protective monitoring type||Supplier-defined controls|
|Protective monitoring approach||
Per previous answer, we use deployed tools which are linked to live threat databases.
We have a fully defined security response process, as required by PCI and GDPR.
|Incident management type||Supplier-defined controls|
|Incident management approach||There are defined processes for incidents and issues, which can be sourced from internal monitoring, clients or end-users. Incident reports are circulated to effected parties via electronic distribution.|
|Approach to secure software development best practice||Supplier-defined process|
Public sector networks
|Connection to public sector networks||No|
|Price||£15000 to £1000000000 per instance per year|
|Discount for educational organisations||No|
|Free trial available||No|