SELECTAMARK SECURITY SYSTEMS PLC

BikeRegister the National Cycle Database

BikeRegister is the UK's National Cycle Database with over 970,000 registered bikes. Registration of bicycles is free and bicycle owners can purchase bike marking kits to protect their bicycles from theft. Used by all UK police forces to combat cycle theft and reduce cycle crime. Also Annual Cycle Crime Conference.

Features

  • Free searches for police officers.

Benefits

  • Reduces bicycle theft.

Pricing

£9.99 a unit

  • Education pricing available
  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at SALES@SELECTAMARK.CO.UK. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

7 4 1 9 0 7 4 2 6 9 9 0 7 9 3

Contact

SELECTAMARK SECURITY SYSTEMS PLC JASON BROWN
Telephone: 01689860757
Email: SALES@SELECTAMARK.CO.UK

Service scope

Software add-on or extension
No
Cloud deployment model
Public cloud
Service constraints
The Company carries out planned maintenance as and when required to ensure high security levels and optimum functionality of systems. All planned maintenance is communicated in the website portal.
System requirements
  • Modern web browser
  • Anti-virus technology

User support

Email or online ticketing support
Email or online ticketing
Support response times
<2 business days. Typically <4 business hours.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
Support includes access to software updates, a named Account Manager and a Client Support Helpdesk.
Support available to third parties
No

Onboarding and offboarding

Getting started
Online training, onsite training and user documentation.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
When the contract ends Selectamark can extract data in csv format.
End-of-contract process
If the subscription is not renewed, access to the information and service is terminated. At the end of end of the contract, upon agreement, client data is either destroyed, exported or securely transferred. If the data export requested is of a bespoke nature, fees may be payable.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
None.
Service interface
Yes
Description of service interface
Web application to allow registration of bicycles by members of the public and search facility for law enforcement and police.
Accessibility standards
WCAG 2.1 A
Accessibility testing
The web application is regularly run against online testing tools for errors, WCAG 2.1 accessibility, browser compatibility, W3C web standards and usability.
API
No
Customisation available
Yes
Description of customisation
Police officers can add bicycle marking events including date, time and location of planned event.

Scaling

Independence of resources
Capacity is monitored to ensure adequate resources are always available.

Analytics

Service usage metrics
Yes
Metrics types
Summary metrics including bicycles registered, active members, police forces using website. We also provide statistics regarding usage per Police Force upon request.
Reporting types
  • Real-time dashboards
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
European Economic Area (EEA)
User control over data storage and processing locations
No
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process
No
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Bespoke reports are available and can be exported in CSV format.
Data export formats
CSV
Data import formats
CSV

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
99.9% website uptime.
Approach to resilience
Available on request.
Outage reporting
A public dashboard.

Identity and authentication

User authentication needed
Yes
User authentication
Username or password
Access restrictions in management interfaces and support channels
The principle of least privilege is employed for all roles; i.e. a strategy of limiting access to what is essential and or necessary for the performance of a certain activity. Server access is restricted to only those employees who have reason to access it. Support is only provided to individuals who can prove their position and credentials.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Username or password

Audit information for users

Access to user activity audit information
No audit information available
Access to supplier activity audit information
No audit information available
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
BSI Assurance UK Limited
ISO/IEC 27001 accreditation date
10/1/2019
What the ISO/IEC 27001 doesn’t cover
Nothing. All secure asset registration services are included in scope.
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
Yes
Any other security certifications
LPS1224:Issue3 certified by BRE Global

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
The Company's information security policy is communicated to all staff and they are reminded of the policy through online e-learning (ISO27001 and Information Security) and regular staff meetings and awareness training. As part of ISO 27001, the Company's internal auditor reviews compliance to the policy and procedures and reports back findings at monthly and quarterly Information Security Committee meetings.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Consultation with key stakeholders takes place before a change is submitted for change management. All changes or service requests are recorded and submitted for Director approval. All changes are classified and prioritized. All changes are assessed for risk, impact and business benefit. As per ISO 27001:2013 documented procedure.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Logs are monitored regularly. Patches are deployed when required. Potential threats are identified online and with regular vulnerability scanning. As per ISO 27001:2013 documented procedure.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Protective monitoring controls include accurate time in logs, recording suspicious activity at a boundary, recording of workstation/server or device status, recording of data backup status, alerting critical events. As per ISO 27001:2013 documented procedure.
Incident management type
Supplier-defined controls
Incident management approach
All staff are trained and made aware of the incident management process which includes reporting the incident to both a specified email address and a Company Director by both email and telephone call. Incident are logged and investigated. As per ISO 27001:2013 documented procedure.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
No

Pricing

Price
£9.99 a unit
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
Free registration for serving UK police officers.
Free registration of bicycles for members of the public.

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at SALES@SELECTAMARK.CO.UK. Tell them what format you need. It will help if you say what assistive technology you use.