Atkins Limited

CIRRUSlocate™ Gazetteer Service

CIRRUSlocate™ is a geographical index, providing a flexible, secure, automated and fast directory of all Great Britain’s addresses, properties and land areas. It also supports local candidate records. Using the best open source software, CIRRUSlocate™ lowers the cost of ownership for a geographical index.


  • Gazetteer range – focussing the number of records returned
  • Find Address (full) from British National Grid location
  • Support for applications using British National Grid reference format
  • Support for applications using Word Geodetic reference format
  • Search for complete address details using free text
  • Search for complete address details using a UPRN
  • Search for Address and all decedents (Full) by UPRN
  • Retrieves complete address details and all its descendants
  • Records not included in the national dataset can be managed


  • Flexible OpenAPI standard - service consumed as customer requires
  • Gazetteer data in the right format at the right time
  • Data transformation - using industry leading FME Server
  • Mobile - access to business address data on the move
  • Open Source – integrates best of breed components
  • Low cost of ownership through open source and cloud
  • Scalable to meet variable user demands
  • Resilient – multiple nodes, automatic restart after failover
  • High performance – through best of breed components and infrastructure


£13000 to £21000 per licence per year

  • Free trial available

Service documents


G-Cloud 11

Service ID

6 5 7 1 1 8 0 2 8 6 8 6 4 9 0


Atkins Limited

Jonny Hope

+44 1372 75 2633

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Private cloud
Service constraints No
System requirements
  • A modern, standards compliant web browser
  • Client side API

User support

User support
Email or online ticketing support Yes, at extra cost
Support response times Business Day: Our dedicated Technical Support team supports external customers, during contracted hours of support. Response times are aligned to the following incident priority levels: A - Critical, respond in 2 working hours providing circumvention instructions where possible or fix. B - Major, respond in 4 working hours details as per priority A. C&D - Functional or intermittent Incident, respond in 8 working hours details as per priority A. Classification details are available for each Priority.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels Standard Support - available during 08:00 – 18:00 hours, Monday to Friday (not English Public Holidays). Incidents may be logged via the web, telephone or email during these times. Additionally, Incidents may be logged via the web outside of these hours, but they will not be progressed until the next working day. Software fixes will be progressed during these hours, and a release made available in line with the Customers agreement. 7 days per week – see Standard Hours, the addition being able to log and receive responses to Incidents during the additional hours. Please note that we operate a Restoration of Service (RoS) approach to support on the additional days e.g. Saturday, Sunday and English public holidays – See below for RoS definition. 24/7 - see 7 days per week, the addition being able to log and receive responses on a 24/7 basis. Restoration of Service (RoS) – during extended hours of support the aim is to get the Customer operational as soon as possible. Software fixes will not be provided during the additional hours of support. Incidents remain the responsibility of the Technical Support team throughout the life cycle.
Support available to third parties No

Onboarding and offboarding

Onboarding and offboarding
Getting started Data restoration and migration are not part of this service by default. Both of these options can be purchased separately. Atkins is able to migrate existing client data such as Candidate Records or User Defined Records into CIRRUSlocate™ so that they are available for the Gazetteer searches. The price of this service is dependent upon the amount and variety of legacy data to be migrated and will be determined during a clarification exercise prior to the commissioning of any work.
Service documentation Yes
Documentation formats HTML
End-of-contract data extraction A standard database backup of any candidate record data will be made available to the client upon termination of the service.
End-of-contract process Once the contract has ended the account will be removed from the service and any local candidate records destroyed.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices No
Service interface No
What users can and can't do using the API Not applicable.
API documentation Yes
API documentation formats Open API (also known as Swagger)
API sandbox or test environment No
Customisation available Yes
Description of customisation We can provide customisation to enable the use of CIRRUSlocate with client applications, This is done through the creation of “System Connectors” that encapsulate the business logic to be applied to gazetteer search results.


Independence of resources We use a Private Cloud platform that has been scaled by our service provider to support a very large customer base. Each on-boarded customer is allocated virtual servers for the service to run on, these virtual servers have an allocation of resources dedicated to them and so users are not impacted by the demands of other users.


Service usage metrics No


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Managed by a third party
Penetration testing frequency Never
Protecting data at rest Physical access control, complying with another standard
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach The service provided, uses address data from AddressBase Premium. There should be no requirement to export the data from CIRRUSlocate™. Should an export of the local candidate data be required, this can be requested separately.
Data export formats Other
Other data export formats
  • Esri File Geodatabase
  • Esri Shapefile
  • MapInfo TAB files
  • Most other GIS formats
Data import formats
  • CSV
  • Other

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network Other
Other protection within supplier network Data is stored in a PostgreSQL database with security enabled, the database holds the information for the service and is not accessible from other systems. Access controls in place prevent users from accessing the database. Access to the data by Atkins staff is strictly controlled. Staff from our service provider only have access to servers in order to provide support and maintenance, they do not have access to the information held within the databases. Physical access is tightly controlled within the data centre, no member of staff has access without appropriate permissions, once logged on they cannot access the databases.

Availability and resilience

Availability and resilience
Guaranteed availability Our service provides 99% uptime during the agreed hours of service.
Approach to resilience We utilise a Private Cloud environment built using the OnApp Cloud Management platform. It provides an environment that is: - Scalable through auto-scaling (up and out) - Highly available through automatic failover and full active-active High Availability The system is deployed across a multi-node environment ensuring that node failures do not bring the system down, the cloud management platform continually balances load across nodes and moves running services across nodes when issues are detected.
Outage reporting Real-time server monitoring provides alerts to our Cloud providers when services have failed, these outages are then reported to our clients through the Technical Support helpdesk.

Identity and authentication

Identity and authentication
User authentication needed No
Access restrictions in management interfaces and support channels Access to the service API will be via a client service. The client service will need to provide the necessary authentication, i.e. through an API key.
Access restriction testing frequency At least once a year
Management access authentication Username or password

Audit information for users

Audit information for users
Access to user activity audit information No audit information available
Access to supplier activity audit information No audit information available
How long system logs are stored for Between 6 months and 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 Lloyd’s Register Quality Assurance Limited
ISO/IEC 27001 accreditation date 16/06/2010
What the ISO/IEC 27001 doesn’t cover This certificate covers the client bids and projects managed by the ADS&T division within Atkins UK&E sector, it excludes information handled within client specific secure environments that operate under more stringent security controls.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes Atkins Aerospace, Defence, Security and Technology (ADS&T) holds ISO 27001 and all our UK businesses are independently certified as achieving the ISO 9001:2008 quality management standard. Atkins follows a Business Management System (BMS) approach that brings together all of our business processes in one place. The BMS assures our clients through the certification of ISO 9001, OHSAS 18001 and ISO 14001, and forms a key part of the Atkins Governance Framework, which also includes our Group Policy Statements and Code of Conduct. BMS is key part of our governance process, translating the Group controls into a set of core processes that are applicable across the business.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Configuration control is performed using source code management and version numbering. Our change management process is invoked whenever a change to the system is required. A change management plan is created, including identification of risks and associated mitigation. Software changes are managed in accordance with TickITplus accredited quality framework and taken through rigorous testing cycles. Before installing in the live environment, a rollback plan is formulated and any required downtime agreed. The changes are installed in live environment and checks performed to ascertain the change was successful. Where problems arise the rollback plan is initiated restoring system to baseline state.
Vulnerability management type Undisclosed
Vulnerability management approach None
Protective monitoring type Undisclosed
Protective monitoring approach Atkins shall provide: • 24 / 7 / 365 monitoring of server availability and performance with a restart option should the server fail out of hours • Threshold monitoring to ensure potential problems are detected and addressed before they become critical • Failover at any time of the day or night in the event of complete server failure • Secure off site data backup • Disaster Recovery procedures and management Business hours support services for non-critical incidents.
Incident management type Supplier-defined controls
Incident management approach Service failure severity types: Severity1 •Constitutes Service loss, preventing system usage •Critically impacts activities of Authority that depend system use; •Causes corruption of Authority Data. Severity2 •Prevents operation of particular sub-system. Could potentially: •Adversely (majorly) impact Authority activities that depend on system use. No workaround available •Cause disruption to Authority - more than trivial but less severe Severity1 Severity3 •Reproducible, has adverse impact on the activities of Authority. Can be reduced to moderate adverse impact, if workaround available. Severity4 •Intermittent/ non-reproducible. Minor adverse impact on End user service provision. Severity5 •Cosmetic flaw. Doesn’t undermine End User's confidence in displayed information.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks No


Price £13000 to £21000 per licence per year
Discount for educational organisations No
Free trial available Yes
Description of free trial Full license for limited time.

Service documents

Return to top ↑