PDMS Limited (Professional Data Management Services Limited)

Compass Ticketing and Reservations

Compass is the complete solution for ferry ticketing and reservations. For turn-up-and-go customers there is desktop ticketing for use in port offices and mobile ticketing for use onboard vessels. Advance bookings can be taken via call centre over the phone or online over the web. Supports smart and ITSO ticketing.

Features

  • Inventory and Product Management
  • Timetable and Sailing Management
  • Turn up and go Ticket Sales using Mobile Ticketing Application
  • Reservation Management Call Centre and Online Web
  • Cash and Credit Account Management
  • Financial Integration
  • Rugged/Water proof Mobile Ticketing Machines IP67
  • Check-In
  • Reporting
  • Commercial Account Handling

Benefits

  • Increased User Efficiency
  • Easy Integration
  • Flexible, Robust Ticketing
  • Comprehensive Auditing
  • Enhanced User Experience
  • Improved System Reliability
  • Reduce Costs
  • Financial Visibility

Pricing

£2500 to £10000 per unit per month

Service documents

Framework

G-Cloud 11

Service ID

6 1 3 6 6 5 7 5 5 3 2 3 2 8 7

Contact

PDMS Limited (Professional Data Management Services Limited)

Joanne Pontee

+44 (0) 1624 664000

saasenquiries@pdms.com

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Hybrid cloud
Service constraints No
System requirements
  • Windows7 or above PCs for Admin with Compass Client Software
  • Network access from Remote PCs to Compass Back Office

User support

User support
Email or online ticketing support Email or online ticketing
Support response times 09:00 to 17:00 Monday to Friday, excluding UK public holidays. (24/7 and public holidays can be agreed).
User can manage status and priority of support tickets Yes
Online ticketing support accessibility WCAG 2.1 AA or EN 301 549
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels Support availability 09:00 to 17:00 Monday to Friday, excluding UK public holidays. (24/7 and public holidays can be agreed). A response to a support request can be expected to be received within 4 (four) Working Hours of the support call being raised. A resolution, or work-around, can, in most cases, be expected to be received within 7.5 (seven and a half) Working Hours of the support call being raised for Priority 1 incidents. Further information is available within our Service Definition document.
Support available to third parties No

Onboarding and offboarding

Onboarding and offboarding
Getting started Key User Training for back office data setup.
On Vessel training for pursers.
Training documentation is provided.
Service documentation Yes
Documentation formats
  • PDF
  • Other
Other documentation formats Microsoft Word
End-of-contract data extraction Data Extracts can be agreed and provided.
End-of-contract process If the Service is terminated either by the Customer or by PDMS, PDMS will contact the Customer to establish your off-boarding requirements.
PDMS will supply your data to you on Termination as described below;

▪ A standard extract of data in a delimited form to facilitate on-boarding elsewhere. This will include suitable definitions of the extracted files and delimited fields.
▪ Relationships between entities will also be retained/supported through the use of appropriate keys
▪ Bespoke data extract requirements can also be provided on request, but would form part of a service request.

The cost of this is not included in the subscription to the service.

Other mechanisms are available and can be requested by Contacting PDMS (either at Take-up or at Termination). Use of another mechanism may incur an additional service charge.

Using the service

Using the service
Web browser interface No
Application to install Yes
Compatible operating systems
  • Android
  • Windows
Designed for use on mobile devices Yes
Differences between the mobile and desktop service Mobile Ticketing Applications for use on the vessels runs on rugged Android PDA.
Desktop Ticketing for use in port offices runs on Windows PCs.
Online web bookings will run in a browser and is fully responsive to the size of the screen on which it is being displayed.
Service interface No
API Yes
What users can and can't do using the API XML data extracts for key information held in Compass back office can easily be provided for analysis.
API documentation No
API sandbox or test environment No
Customisation available Yes
Description of customisation Compass includes a wide range of items that can be customised.
Timetables, Ports, Fare and Ticket Types, Ships/Capacity etc are completely configurable.

Scaling

Scaling
Independence of resources PDMS can either host on a highly resilient infrastructure using multiple storage, memory and processing units across multiple locales or on premise if requested by the customer.
Each instance of Compass is allocated dedicated resources which are not impacted by other users.
PDMS holds ISO 27001:2013 Information Security Management System standard certification and Cyber Essentials.

Analytics

Analytics
Service usage metrics No

Resellers

Resellers
Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • Other locations
User control over data storage and processing locations Yes
Datacentre security standards Supplier-defined controls
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest Other
Other data at rest protection approach Secure Tier 3 Data centres Secure containers, racks or cages Physical access control Encryption of Physical media Safe destruction of physical media.
On premise installations/access agreed with client.
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Compass has built in reports that can be viewed on screen, sent straight to a printer or converted to PDF or CSV.
Key reports will also be provided in XML format for analysis using MS Excel.
Data export formats
  • CSV
  • Other
Other data export formats XML for analysis in MS Excel
Data import formats Other
Other data import formats Data cannot be manually uploaded to the system

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability Service Availability is set at 99.9%.

SLA's are typically;
P1 - A consultant will start to address the problem no later than 4 working hours from the time of the call being logged.

SLAs can be tailored to meet the needs of each individual customer.
Approach to resilience Available on request.
Outage reporting Email alerts inform PDMS of any unplanned outage. Planned outages are communicated to customers via email and telephone well in advance of the outage.
Mobile ticketing can operate completely offline.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
  • Other
Other user authentication Limited access over private secure network (PSN)
Access restrictions in management interfaces and support channels Access (to management interfaces and support channels) is restricted by least privilege access using active directory accounts with strong username and password combinations. Access is restricted on both a need and time basis with the default being that support staff do not have access.
Access restriction testing frequency At least once a year
Management access authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 LRQA
ISO/IEC 27001 accreditation date 12/02/2018
What the ISO/IEC 27001 doesn’t cover Nothing - All areas of the business and our services are in scope.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications Cyber Essentials Plus

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes As part of its ISMS, PDMS have the following policies and processes; Information Security Policy, Secure Development Process, Acceptable Use Policy, Change Control Policy, Data Classification and Handling Policy, Data Protection Policy, Business Continuity Policy and an Incident Management Process, all of which are governed, managed and audited through our ISO certifications. All policies are owned and regularly reviewed by the relevant departmental manager. It is the responsibility of each departmental manager to ensure that all of their staff follow the information security policies and processes, however compliance is audited by the Quality and Standards Manager, with any issues identified reported to the relevant manager, for rectification. Operationally, Information Security is jointly managed by the Chief Security Officer and the Quality and Standards Manager, both of whom report directly to the Managing Director, who has overall ownership at Board Level for Security, allowing issues that require immediate escalation to be reported to the Directors. Operational Issues that do not require immediate escalation are discussed at the monthly management meetings, where it is a standing issue. All issues discussed during these meetings that require escalation are reported upwards to Board of Directors for it to be discussed, where appropriate.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach All software released to test machines/environments for customer sign off prior to promotion to live environments.
Online web changes can be subject to 3rd party penetration testing at additional cost.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Constant reviews of supported software versions and patches available will determine the frequency they are applied to customer test and then live environments.
Info received from 3rd party software provider and anti virus providers.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Available on request
Incident management type Supplier-defined controls
Incident management approach PDMS allow all staff the ability to report security incidents through a number of methods, including email, telephone, and system based forms. Ultimately all reported incidents are managed by the Chief Security Officer, who follows the Incident Management Process, which identifies how the incident should be managed, including when to provide updates to any customers that may be affected. Customer Incident Reports are normally provided in a written document. All incidents are reviewed following their satisfactory conclusion, in order to determine what lessons can be learned, in order to improve the process or prevent future occurrences.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks No

Pricing

Pricing
Price £2500 to £10000 per unit per month
Discount for educational organisations No
Free trial available No

Service documents

Return to top ↑