Providing ISO27001 cloud based hosting for JMW mobility as a service (MaaS) including real time passenger information software, traffic signal priority systems, digital signage, VMS displays, onboard bus computers, car parking, vehicle counting, solar powered transport infrastructure and fuel management systems.
- Bus and Coach Real Time Information
- Secure Remote Access on web enabled devices
- Real Time Analysis and Statutory Reporting including historical data
- Manage and Maintain Display and VMS advertising
- Live Tracking Predictions including departure and arrival predictions for Buses
- Scheduled Bus, Coach and Rail timetable information
- Dynamic Parking Spaces and Vehicle Counting
- Traffic Signal Prority integration with UTCs
- Distribution of information to digital signage and VMS messaging
- Real Time Management of solar bus shelters
- Produce and Publish Scheduled Real Time Information to any device
- Back Office Reporting with Comprehensive Analytics System
- Generate Transport Compliance Reports in Real Time
- Help manage and reduce carbon footprint
- Provide transport data to Smart Cities Platforms
- Manage Transport Infrastructure in real time
- Control Digital Signage and VMS displays
- A single cloud based platorm for controlling MaaS
- Generate Printed Timetable Information
- Manage Maintain and Report on Depot fuel stocks
£4000 per licence
- Free trial available
JMW Systems Ltd
|Service constraints||There are no known constraints|
|Email or online ticketing support||Email or online ticketing|
|Support response times||Support is immediately available during business hours 8.30 am-5 pm Mon - Fri . Resolution times are defined to suit the customers service level agreement document.|
|User can manage status and priority of support tickets||Yes|
|Online ticketing support accessibility||WCAG 2.0 A|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||No|
|Onsite support||Onsite support|
JMW provide a support and service desk that can be contacted through email, phone and the electronic ticketing system linked through our hosted web-based software.
Engineer onsite support is provided throughout the UK.
Each customer has a dedicated account manager.
|Support available to third parties||Yes|
Onboarding and offboarding
|Getting started||JMW provide user manuals and training. End user training and service documentation is provided.|
|End-of-contract data extraction||JMW work with the customer to extract the data in an appropriate format subject to specification on notification of contract end.|
|End-of-contract process||JMW provide the client all related data stored on the customer database at the end of a contract and agree to provide all relevant documentation and a single extract of the data as per agreed specification, removing all data from the servers and backup copies.|
Using the service
|Web browser interface||Yes|
|Using the web interface||
Each unique user is provided with a secure username and password.
Access levels are dependent on requirements, the access level determines the ability to make changes through the web interface.
|Web interface accessibility standard||WCAG 2.0 A|
|Web interface accessibility testing||JMW software supports our DDA compliant products including RNIB technology.|
|What users can and can't do using the API||JMW Inforoute API is available on request. 3rd Party users cannot use the information for commercial gain. JMW operates a fair use policy for information requests from via the api.|
|API automation tools||Other|
|API documentation formats|
|Command line interface||No|
|Independence of resources||
This is controlled through different access levels agreed at the start of the contract.
Each customer has their own dedicated server.
|Infrastructure or application metrics||No|
|Supplier type||Not a reseller|
|Staff security clearance||Other security clearance|
|Government security clearance||None|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||United Kingdom|
|User control over data storage and processing locations||No|
|Datacentre security standards||Complies with a recognised standard (for example CSA CCM version 3.0)|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||In-house|
|Protecting data at rest||Physical access control, complying with another standard|
|Data sanitisation process||No|
|Equipment disposal approach||A third-party destruction service|
Backup and recovery
|Backup and recovery||Yes|
|What’s backed up||
|Backup controls||JMW provide this service as standard to all customers.|
|Datacentre setup||Multiple datacentres with disaster recovery|
|Scheduling backups||Supplier controls the whole backup schedule|
|Data protection between buyer and supplier networks||Private network or public sector network|
|Data protection within supplier network||IPsec or TLS VPN gateway|
Availability and resilience
JMW have the following SLA's in place:
Urgent faults will have an engineer on site within a two hour period, working to either resolve the urgent fault or to downgrade to a less urgent fault within six hours and providing a complete repair within 48 hours.
Less Urgent faults would be repaired within 48 hours.
|Approach to resilience||Information is available on request.|
|Outage reporting||Should an outage occur JMW will issue an email from the service desk detailing the cause of the problem and details of when the issue will be resolved.|
Identity and authentication
|Access restrictions in management interfaces and support channels||
All users have a pre-agreed access to the web based system appropriate to their user level.
Reports are available on the system to monitor individual usage.
|Access restriction testing frequency||At least every 6 months|
|Management access authentication||
|Devices users manage the service through||Directly from any device which may also be used for normal business (for example web browsing or viewing external email)|
Audit information for users
|Access to user activity audit information||Users have access to real-time audit information|
|How long user audit data is stored for||User-defined|
|Access to supplier activity audit information||Users contact the support team to get audit information|
|How long supplier audit data is stored for||User-defined|
|How long system logs are stored for||User-defined|
Standards and certifications
|ISO/IEC 27001 certification||Yes|
|Who accredited the ISO/IEC 27001||EY CertifyPoint|
|ISO/IEC 27001 accreditation date||20/11/17|
|What the ISO/IEC 27001 doesn’t cover||JMW systems hardware and some 3rd party reverse engineering of physical devices.|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||No|
|Named board-level person responsible for service security||No|
|Security governance certified||Yes|
|Security governance standards||ISO/IEC 27001|
|Information security policies and processes||
JMW are accredited to ISO 9001:2008 and ISO 14001:2004.
We are audited externally once a year and internally each quarter to ensure we follow our policies and procedures. As part of our employee induction all new staff are trained on these policies and procedures and an annual review is completed.
Policies and procedures are available on request.
|Configuration and change management standard||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Configuration and change management approach||JMW are accredited to ISO 9001:2008 and ISO 14001:2004, as part of this we are audited on our design and development process which is record on our various platforms including but not limited to JIRA and Confluence. Further information is available on request.|
|Vulnerability management type||Supplier-defined controls|
|Vulnerability management approach||
JMW assess threats on a case by case basis taking into account the type of threat, the level of threat and how it affects our software and hardware infrastructure.
Patches are typically deployed on a time scale based on the level of threat. Known high vulnerabilities are patched within a few days and medium risk vulnerabilities within 10 days and low risk vulnerabilities within a month.
Information on threats typically comes from AWS, software vendor notifications and security message boards.
|Protective monitoring type||Supplier-defined controls|
|Protective monitoring approach||
JMW regularly view detailed logs of access and attempted access.
All access to servers is blocked, only allowing access to the website via the standard port.
As part of our quality assurance JMW respond instantly and put a plan in place immediately based on the level of threat.
|Incident management type||Supplier-defined controls|
|Incident management approach||
JMW have pre-defined processes in place through agreed SLA's with third party suppliers.
Users are able to report incidents through the web based ticketing system. JMW have a help desk available to assist any incidents.
JMW provide incident reports through communicate with users via the ticketing system and also provide communication via email dependant on the incident.
|Approach to secure software development best practice||Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)|
Separation between users
|Virtualisation technology used to keep applications and users sharing the same infrastructure apart||No|
|Price||£4000 per licence|
|Discount for educational organisations||No|
|Free trial available||Yes|
|Description of free trial||Demo systems can be accessed via web enabled devices, user training, standard SIRI integration, Local Atco.cif file or TransXchange uploads.|
|Pricing document||View uploaded document|
|Skills Framework for the Information Age rate card||View uploaded document|
|Service definition document||View uploaded document|
|Terms and conditions document||View uploaded document|