WSP UK Limited

CorGIS

Through the power of interactive maps, CorGIS transforms intangible data into valuable insights. CorGIS's digital technology facilitates collaborative decision making, providing organisations with efficient technology driven results. Manage and analyse geospatial data in industries as varied as transport, environment and energy.

Features

  • Interactive maps
  • Model visualisation
  • User Management
  • Collaborative data manipulation
  • Data Analysis and Insight

Benefits

  • Collaborative map based data exchange
  • Efficient decision making
  • Simplified data interrogation
  • Comprehensive visual data analysis

Pricing

£1,500 a licence a month

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at uk-team@wspdigital.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

6 7 5 5 0 0 9 4 9 5 6 0 6 7 2

Contact

WSP UK Limited Andrew Porter
Telephone: 0161 200 5000
Email: uk-team@wspdigital.com

Service scope

Software add-on or extension
No
Cloud deployment model
Public cloud
Service constraints
Buyers are advised of planned maintenance and WSP endeavours to perform this process outside of core business hours.
Buyers are required to access the system using supported browsers from Microsoft, Google, Apple or Mozilla.
System requirements
Supported web browser from Microsoft (Edge), Google, Apple or Mozilla

User support

Email or online ticketing support
Email or online ticketing
Support response times
Support is available 9:00am to 5:00pm on UK business days. Low severity: System bug or issue that has little to no impact for the end user. This includes cosmetic changes, content updates and requests to change existing system functionality. response time within 5 business days. Medium severity: System bug or issue that has an impact on a small number of end users. Response time within 2 business days. High severity: System bug or issue has a significant impact on system usage for the majority of end users. Response time within 1 business day.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
WCAG 2.1 A
Phone support
No
Web chat support
No
Onsite support
No
Support levels
WSP will provide level 2 support where:
• Cosmetic and low level usage issues that don’t affect major
application functionality. Partial, non-critical loss of functionality to
the application:
• Cosmetic issues, including images not loading
• Errors in documentation
• Impaired operations of some components, but users can continue
using the application
• Initial milestones are at minimal risk

Level 3 support
WSP will provide level 3 support where :
• Major functionality is severely impacted, production environment or
other critical system(s) are down and no workaround is immediately
available.
• Operations can continue in a restricted fashion, although long term
productivity may be adversely affected
• Elements of report data may unavailable
• A major milestone is at risk. Ongoing and incremental updates are
affected.
• The system is down or unavailable
• A potential compromise of security or data protection
• A substantial loss of service or quality of service
• Business operations have been severely disrupted
• Core application functionality has been severely disrupted

A named technical account manager or cloud support engineer may be provided on request at an additional cost.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
WSP provide online documentation.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
Customer data that has been hosted by WSP will be returned electronically via a secure method.
End-of-contract process
Customer data that has been hosted by WSP will be returned to the customer electronically via a secure method. If this data is sent to a third-party an additional fee may be charged.

WSP will delete personal data after the end of services, or on expiry of a contract or agreement, unless it's necessary to retain the data by law.

Using the service

Web browser interface
Yes
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
No
Designed for use on mobile devices
No
Service interface
No
API
No
Customisation available
Yes
Description of customisation
Data, functionality, analytics and branding can be customised at the outset and during the service period through engagement with WSP.

Scaling

Independence of resources
Vertical and horizontal scaling features are available on the basis of load and utilization. Micro-service architecture facilitates bottlenecks to be identified, addressed and scaled with replicas, if necessary. User-based operations are scoped and curated within the application such that no one single user-operation can bring down the system.

Analytics

Service usage metrics
Yes
Metrics types
Metrics focus on Service/System Availability, Reliability (Mean Time Between Failure and Mean Time To Repair), Response Time and User Activity. Additional metrics may be available upon Request.
Reporting types
Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Yes
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
In-house
Protecting data at rest
Other
Other data at rest protection approach
Our protection of data at rest is through hardware encryption and endpoint firewall management systems. This is in addition to a rigorous access management policy that has been implemented around the perimeter of our infrastructure.
Data sanitisation process
No
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Data/maps may be exported in pdf format on demand.
Data export formats
Other
Other data export formats
PDF
Data import formats
  • CSV
  • Other
Other data import formats
Shapefiles

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
WSP will endeavour to ensure that the CorGIS software is available 99% of the time, excluding any periods of scheduled maintenance*. *During UK business hours, excluding weekends, unless otherwise stated.
Approach to resilience
CorGIS is centrally managed, serving users the correct level of access for their role. CorGIS incorporates up-to-date and regularly patched software Audit logs are regularly monitored and any suspicious activity investigated. Compliance with the GDPR guidelines for data handling, data processing, and industry standards for security management. We comply with standard release management and workflows.
Outage reporting
Service outages are reported by email, monitoring and collaboration tools.

Identity and authentication

User authentication needed
Yes
User authentication
Username or password
Access restrictions in management interfaces and support channels
Users need to be properly authenticated before being permitted to perform management activities, report faults or request changes to the service.
Authentication is handled by a Third Party provider
Access restriction testing frequency
At least every 6 months
Management access authentication
Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
Between 1 month and 6 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
Bureau Veritas Certification
ISO/IEC 27001 accreditation date
16/07/2013
What the ISO/IEC 27001 doesn’t cover
The certificate applies to the secure provision of IT services to all WSP sites in the UK.
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
Yes
Any other security certifications
Cyber Essentials Plus (CE+)

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
Other
Other security governance standards
WSP UK Ltd are ISO/IEC 27001 compliant. The CorGIS team are in the process of gaining accreditation.
Information security policies and processes
WSP UK Ltd is committed to ensuring that the confidentiality, integrity, and availability of all our systems and employees awareness of their responsibilities are maintained at an appropriate level. Every member of staff is responsible for reading the WSP Information Security Policy and ensuring that its provisions are carried out.

A management framework has been established to initiate and control the implementation of information security within the Company. A corporate Information Security Review Forum (ISRF) was therefore created, with members drawn from IT, Audit, HR and the major divisions of the Company.

WSP standards and procedures are continually developed to ensure compliance with current legislation and industry standards.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Technology and process changes are approved and prioritised by the Development team before work commences. For each change, WSP perform an impact analysis on the IT environment and an assessment of security risks. Affected stakeholders are notified of significant changes and any action required on their part.

Changes are subject to testing and QA cycles prior to deployment to a production environment. All code changes require strict guidelines for initiation, development, testing and approval.

Lattice documentation and configuration management systems are updated to reflect its current state and configuration. Information is maintained in accordance with security and privacy guidelines.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Our infrastructure is secured using cloud services and data is encrypted at rest and in transit with Authentication, Auditing and Access Controls. Data cleansing and psuedoanonymisation is conducted where required. External tools are used to scan infrastucuture and applications regularly for vulnerabilities, including developer commits. We use error tracing services against live websites to proactively check against security issues and errors, monitoring live feeds for suppliers, all underpinned by appropriate alerting in real-time. When a vulnerability is found, we register it as a P1 and promptly develop and release a fix as a matter of urgency.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
. Inbuilt monitoring and logging for the entire platform, providing visibility and an understanding of who is accessing our system in real-time.

. Proactive alerting and monitoring systems provides root cause analysis.

. Adherence to KPIs for security and up-time - alerts are triggered when performance is outside of baseline

. WSP team identify resources and respond according to agreed SLAs
Incident management type
Supplier-defined controls
Incident management approach
The Incident Management process for CorGIS describes the activities that take place to resolve incidents within the service management web portal. Interactions which are determined to be anything other than an incident are outside the scope of this process.

An incident is reported to the service management web portal, a reference number assigned and the issue is then triaged by the support team. It is then categorised and prioritised according to agreed SLAs .

Incident reports are provided by email.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
No

Pricing

Price
£1,500 a licence a month
Discount for educational organisations
No
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at uk-team@wspdigital.com. Tell them what format you need. It will help if you say what assistive technology you use.